mCarve: Carving Attributed Dump Sets
نویسندگان
چکیده
Carving is a common technique in digital forensics to recover data from a memory dump of a device. In contrast to existing approaches, we investigate the carving problem for sets of memory dumps. Such a set can, for instance, be obtained by dumping the memory of a number of smart cards or by regularly dumping the memory of a single smart card during its lifetime. The problem that we define and investigate is to determine at which location in the dumps certain attributes are stored. By studying the commonalities and dissimilarities of these dumps, one can significantly reduce the collection of possible locations for such attributes. We develop algorithms that support in this process, implement them in a prototype, and apply this prototype to reverse engineer the data structure of a public transportation card.
منابع مشابه
Making Sense of Unstructured Memory Dumps from Cell Phones
This paper presents an alternative to traditional file carving, targeted to cell phone forensics. The proposed algorithm processes the cell phone memory dump thanks to a previous partial knowledge of the content of the regular files present in the memory dump. The memory dump is decomposed into elementary parts, each part classified according to the file type it is supposed to belong to, and fi...
متن کاملA new developed model to determine waste dump site selection in open pit mines: An approach to minimize haul road construction cost
Today, during the life of an open pit mine, million tons of materials, including waste and ore, are displacing by truck fleets. In the case of a shallow ore deposit, which is located up to 300 meters to the ground surface, depending on preliminary equipment size and capacity, it will take three to five years to remove overburden and waste rocks to expose the ore body. In that period, the main w...
متن کاملThe occurrence of newly formed minerals in acidic environment and dry-arid climate, case study: low-grade dump of Miduk copper mine
Newly minerals could be formed as a result of oxidation, hydrolysis, precipitation and dehydration processes in acid mine drainage (AMD) environment. The occurrence of secondary minerals within the dump No. 7 from Miduk copper mine was studied using mineralogical approaches including X-ray diffraction (XRD), Scanning Electron Microscope (SEM-EDS) and Raman Spectroscopy (RS). Geochemical invetig...
متن کاملHash-based carving: Searching media for complete files and file fragments with sector hashing and hashdb
Hash-based carving is a technique for detecting the presence of specific “target files” on digital media by evaluating the hashes of individual data blocks, rather than the hashes of entire files. Unlike whole-file hashing, hash-based carving can identify files that are fragmented, files that are incomplete, or files that have been partially modified. Previous efforts at hash-based carving have...
متن کاملMonitoring Blind Spots: a Major Concern for Haul Trucks
Researchers at the National Institute for Occupational Safety and Health (NIOSH), Spokane Research Laboratory, are investigating technology and methods to monitor the blind areas around large haulage equipment used in surface mines. On average, six fatalities a year can be attributed to equipment colliding with other vehicles or pedestrian workers, or backing over the edge of a dump point. Seve...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2011