Title

Firewire Forensics in Modern Operating Systems

Document Type

Conference Proceeding

Faculty

Faculty of Computing, Health and Science

School

School of Computer and Security Science / Centre for Security Research

RAS ID

9159

Comments

Hannay, P., & Woodward, A. (2009). Firewire Forensics in Modern Operating Systems. In Security and Management (pp. 635-638).

Abstract

This research looked at whether the FireWire direct memory access function tool would work with three modern Windows operating systems. The tool requires local access to the PC and allows the logon to be bypassed, and also allows for memory dumping to be performed on the target computer. It was found that Windows XP allowed for full access and memory dumping, while Windows Vista and Windows 7 allowed for memory dumping only. The inability to unlock the two newer operating systems appears to be a product of a change in memory location of the target data, rather than a fix. This has implications for digital forensics in that keys to some encryption programs can be found in memory.

This document is currently not available here.

 
COinS