A framework for password harvesting from volatile memory
Authors
Abstract
In this paper, we challenge the widely accepted approach where a first responder does not capture the RAM of a computer system if found to be powered off at a crime scene. We investigate the presence of confidential data in RAM such as user passwords. Our findings show that even if the computer is switched off but not removed from the mains, the data are preserved. In fact, when a process is terminated but the computer is still operating, the respective data are more likely to be lost. Therefore, capturing the memory could be as critical on a switched off system as on a running one.
Similar resources
Practical Password Harvesting from Volatile Memory
In this paper we challenge the widely accepted approach where a first responder does not capture the RAM of a computer system if found to be powered off at a crime scene. We investigate the presence of confidential data in RAM such as user passwords. Our findings show that even if the computer is switched off but not removed from the mains, the data are preserved. In fact, when a process is ter...
Volatools: Integrating Volatile Memory Forensics into the Digital Investigation Process
In this work, we demonstrate the integral role of volatile memory analysis in the digital investigation process and how that analysis can be used to help address many of the challenges facing the digital forensics community. We also provide a look at some of the shortcomings of existing approaches to live response. Finally, we provide the technical details for extracting in-memory cryptographic...
Securing Non-Volatile Main Memory
Non-volatile memories provide energy efficiency, tolerance against power failure, and “instant-on” power-up. These memories are likely to replace traditional volatile memory in next-generation laptops and desktops. However, the move to non-volatile memory introduces new vulnerabilities; sensitive data such as passwords and keys residing in main memory persists across reboots and can be probed d...
Discovering Authentication Credentials in Volatile Memory of Android Mobile Devices
This paper investigates whether authentication credentials in the volatile memory of Android mobile devices can be discovered using freely available tools. The experiments that we carried out for each application included two different sets: In the first set, our goal was to check if we could recover our own submitted credentials from the memory dump of the mobile device. In the second set of e...
Catena: A Memory-Consuming Password-Scrambling Framework
It is a common wisdom that servers should store the one-way hash of their clients’ passwords, rather than storing the password in the clear. In this paper we introduce a set of functional properties a key-derivation function (password scrambler) should have. Unfortunately, none of the existing algorithms satisfies our requirements and therefore, we introduce a novel and provably secure password...
Journal title:
- IJESDF
Volume 4, issue
Pages -
Publication date 2012