Difference between pages "Malware" and "JTAG Forensics"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
(Exploit Kit)
 
m (Procedures)
 
Line 1: Line 1:
'''Malware''' is a short version of '''Malicious Software'''.
+
== Definition ==
 +
=== From Wikipedia ([http://en.wikipedia.org/wiki/Joint_Test_Action_Group http://en.wikipedia.org/wiki/Joint_Test_Action_Group ]): ===
  
Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets to the affected device. It is illegal to knowingly distribute malware.
+
Joint Test Action Group (JTAG) is the common name for what was later standardized as the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. It was initially devised for testing printed circuit boards using boundary scan and is still widely used for this application. Today JTAG is also widely used for IC debug ports. In the embedded processor market, essentially all modern processors support JTAG when they have enough pins. Embedded systems development relies on debuggers talking to chips with JTAG to perform operations like single stepping and breakpointing. Digital electronics products such as cell phones or a wireless access point generally have no other debug or test interfaces.
  
== Virus ==
+
=== Forensic Application ===
A computer program that can automatically copy itself and infect a computer.
+
  
== Worm ==
+
JTAG forensics is an acquisition procedure which involves connecting to the Standard Test Access Port (TAPs) on a device and instructing the processor to transfer the raw data stored on connected memory chips. Jtagging supported phones can be an extremely effective technique to extract a full physical image from devices that cannot be acquired by other means.
A self-replicating computer program that can automatically infect computers on a network.
+
  
== Trojan horse ==
+
== Tools and Equipment ==
A computer program which appears to perform a certain action, but actually performs many different forms of codes.
+
  
== Spyware ==
+
* [[JTAG and Chip-Off Tools and Equipment]]
A computer program that can automatically intercept or take partial control over the user's interaction.
+
  
== Exploit Kit ==
+
== Procedures ==
A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits]. Often utilizing a drive-by-download.
+
  
=== Drive-by-download ===
+
* [[JTAG HTC Wildfire S]]
Any download that happens without a person's knowledge [http://en.wikipedia.org/wiki/Drive-by_download].
+
* [[JTAG Huawei TracFone M865C]]
 
+
* [[JTAG Huawei TracFone H866C]]
== See Also ==
+
* [[JTAG Huawei U8655]]
 
+
* [[JTAG Huawei Y301-A1 Valiant]]
== External Links ==
+
* [[JTAG LG L45C TracFone]]
* [http://en.wikipedia.org/wiki/Malware Wikipedia entry on malware]
+
* [[JTAG LG P930 (Nitro HD)]]
* [http://en.wikipedia.org/wiki/Drive-by_download Wikipedia drive-by-download]
+
* [[JTAG LG E960 (Nexus 4)]]
* [http://www.viruslist.com/ Viruslist.com]
+
* [[JTAG Samsung Galaxy Centura (SCH-S738C)]]
* [http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares Androguard]: A list of recognized Android malware
+
* [[JTAG Samsung Galaxy S4 (SGH-I337)]]
 
+
=== Exploit Kit ===
+
* [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits What Are Exploit Kits?], by [[Lenny Zeltser]], October 26, 2010
+
* [http://nakedsecurity.sophos.com/2013/07/02/the-four-seasons-of-glazunov-digging-further-into-sibhost-and-flimkit/ The four seasons of Glazunov: digging further into Sibhost and Flimkit], by Fraser Howard, July 2, 2013
+
* [http://www.kahusecurity.com/2013/kore-exploit-kit/ Kore Exploit Kit], Kahu Security blog, July 18, 2013
+
 
+
[[Category:Malware]]
+

Revision as of 18:35, 23 December 2013

Definition

From Wikipedia (http://en.wikipedia.org/wiki/Joint_Test_Action_Group ):

Joint Test Action Group (JTAG) is the common name for what was later standardized as the IEEE 1149.1 Standard Test Access Port and Boundary-Scan Architecture. It was initially devised for testing printed circuit boards using boundary scan and is still widely used for this application. Today JTAG is also widely used for IC debug ports. In the embedded processor market, essentially all modern processors support JTAG when they have enough pins. Embedded systems development relies on debuggers talking to chips with JTAG to perform operations like single stepping and breakpointing. Digital electronics products such as cell phones or a wireless access point generally have no other debug or test interfaces.

Forensic Application

JTAG forensics is an acquisition procedure which involves connecting to the Standard Test Access Port (TAPs) on a device and instructing the processor to transfer the raw data stored on connected memory chips. Jtagging supported phones can be an extremely effective technique to extract a full physical image from devices that cannot be acquired by other means.

Tools and Equipment

Procedures