Firewire Forensics in Modern Operating Systems
Document Type
Conference Proceeding
Faculty
Faculty of Computing, Health and Science
School
School of Computer and Security Science / Centre for Security Research
RAS ID
9159
Abstract
This research examined whether a tool that uses the FireWire direct memory access (DMA) function would work with three modern Windows operating systems. The tool requires local access to the PC; it allows the logon to be bypassed and the memory of the target computer to be dumped. It was found that Windows XP allowed full access and memory dumping, while Windows Vista and Windows 7 allowed memory dumping only. The inability to unlock the two newer operating systems appears to result from a change in the memory location of the target data rather than from a fix. This has implications for digital forensics, because keys to some encryption programs can be found in memory.
Comments
Hannay, P., & Woodward, A. (2009). Firewire Forensics in Modern Operating Systems. In Security and Management (pp. 635-638).