A kernel memory collecting method for efficient disk encryption key search
Kang, Youngbok (Chonnam National University System Security Research Center)
Hwang, Hyunuk (The Attached Institute of ETRI)
Kim, Kibom (The Attached Institute of ETRI)
Lee, Kyoungho (Chonnam National University System Security Research Center)
Kim, Minsu (Mokpo National University)
Noh, Bongnam (Chonnam National University System Security Research Center)