mCarve: Carving Attributed Dump Sets

Ton van Deursen, Sjouke Mauw, Saša Radomirović

Research output: Chapter in Book/Report/Conference proceedingConference contribution

27 Downloads (Pure)

Abstract

Carving is a common technique in digital forensics to recover data from a memory dump of a device. In contrast to existing approaches, we investigate the carving problem for sets of memory dumps. Such a set can, for instance, be obtained by dumping the memory of a number of smart cards or by regularly dumping the memory of a single smart card during its lifetime. The problem that we define and investigate is to determine at which location in the dumps certain attributes are stored. By studying the commonalities and dissimilarities of these dumps, one can significantly reduce the collection of possible locations for such attributes. We develop algorithms that support in this process, implement them in a prototype, and apply this prototype to reverse engineer the data structure of a public transportation card.
Original languageEnglish
Title of host publicationProceedings of the 20th USENIX Security Symposium
Place of PublicationUnited States
PublisherUSENIX Association
Pages107-121
Number of pages15
ISBN (Print)9781931971874
Publication statusPublished - 2011
Event20th USENIX Security Symposium - San Francisco, United States
Duration: 8 Aug 201112 Aug 2011
https://www.usenix.org/legacy/events/sec11/

Conference

Conference20th USENIX Security Symposium
Abbreviated titleUSENIX Security '11
Country/TerritoryUnited States
CitySan Francisco
Period8/08/1112/08/11
Internet address

Fingerprint

Dive into the research topics of 'mCarve: Carving Attributed Dump Sets'. Together they form a unique fingerprint.

Cite this