Memory Forensics of a Java Card Dump
نویسندگان
چکیده
Nowadays several papers have shown the ability to dump the EEPROM area of several Java Cards leading to the disclosure of already loaded applet and data structure of the card. Such a reverse engineering process is costly and prone to errors. Currently there are no tools available to help the process. We propose here an approach to find in the raw data obtained after a dump, the area containing the code and the data. Then, once the code area has been identified, we propose to rebuilt the original binary Cap file in order to be able to obtain the source code of the applet stored in the card.
منابع مشابه
mCarve: Carving Attributed Dump Sets
Carving is a common technique in digital forensics to recover data from a memory dump of a device. In contrast to existing approaches, we investigate the carving problem for sets of memory dumps. Such a set can, for instance, be obtained by dumping the memory of a number of smart cards or by regularly dumping the memory of a single smart card during its lifetime. The problem that we define and ...
متن کاملComparative Study and Simulation of Digital Forensic Tools
The cyber crimes such as online banking fraud, credit card theft, child pornography, intellectual property theft, identity theft, unauthorized intrusion, money laundering, digital piracy etc. are growing rapidly with technology. Desktops, smartphones, laptops, digital cameras, GPS devices and even watches all can be used to aid a fraud. All this devices leave behind a digital footprint. Gatheri...
متن کاملPoster: Post-Intrusion Memory Forensics Analysis
A yet-to-be-solved but very vital problem in forensics analysis is accurate memory dump data type reverse engineering where the target process is not a priori specified and could be any of the running processes within the system. We present a lightweight system-wide solution that extracts data type information from the memory dump without its past execution traces. Our proposed solution constru...
متن کاملFile System Journal Forensics
Journaling is a relatively new feature of modern file systems that is not yet exploited by most digital forensic tools. A file system journal caches data to be written to the file system to ensure that it is not lost in the event of a power loss or system malfunction. Analysis of journal data can identify which files were overwritten recently. Indeed, under the right circumstances, analyzing a ...
متن کاملLinux Memory Forensics: Searching For Processes
Physical memory is a useful information source in a forensic examination, but the research on memory forensics is still in the early stage. Once the processes are located, computer forensic personnel can acquire the opened files, the network connections via further processing. This paper proposed methods of searching for process descriptors in Linux dump file. Our experiments shows that our met...
متن کامل