Anti-forensik mot minnesforensik: En litteraturstudie om anti-forensiska metoder mot minnesdumpning och minnesanalys
University of Skövde, School of Informatics.
2019 (Swedish). Independent thesis, Basic level (degree of Bachelor), 15 credits / 22,5 HE credits. Student thesis
Alternative title
Anti-forensics against memory forensics : A litterature study about anti-forensic methods against memory dumping and memory analysis (English)
Abstract [sv]

IT forensic examiners face many difficulties in their work of acquiring and analyzing data. Criminals increasingly use anti-forensic methods to hide evidence that can be used against them. A commonly occurring anti-forensic method is encryption. For IT forensic examiners to be able to access the encrypted information, the encryption key can be found in the computer's memory, which makes the computer's memory valuable to acquire and analyze. However, there are several anti-forensic methods that an offender can use to prevent the memory from being acquired or analyzed.

This study carries out a systematic literature study to identify the current anti-forensic methods against memory analysis and memory dumping on Windows systems. Several methods are covered in which, among other things, the operating system is modified or built-in security functions of the CPU are used to prevent information from being retrieved or analyzed from memory.

Abstract [en]

IT forensic examiners face many difficulties in their work of obtaining and analyzing data. Criminals are increasingly using anti-forensic methods to hide evidence that can be used against them. One common anti-forensic method is encryption. For IT forensic examiners to access the encrypted information, the encryption key can be found in the memory of the computer. This makes the computer's memory valuable to retrieve and analyze. However, there are several anti-forensic methods that a criminal can use to prevent the memory from being retrieved or analyzed. This study performs a systematic literature study to identify the current anti-forensic methods against memory analysis and memory dumping on Windows systems. Several methods are addressed where, among other things, the operating system is modified or built-in security functions on the CPU are used to prevent information from being retrieved or analyzed from memory.

Place, publisher, year, edition, pages
2019. p. 35
Keywords [en]
IT-forensic, Anti-forensic, Memory analysis, Memory dumping, Memory forensics
Keywords [sv]
IT-forensik, Anti-forensik, Minnesanalys, Minnesdumpning, Minnesforensik
National Category
Computer and Information Sciences
Identifiers
URN: urn:nbn:se:his:diva-17818
OAI: oai:DiVA.org:his-17818
DiVA, id: diva2:1366119
Subject / course
Information Technology
Educational program
Network and Systems Administration
Supervisors
Examiners
Available from: 2019-10-31 Created: 2019-10-28 Last updated: 2019-10-31
Bibliographically approved

Open Access in DiVA

fulltext (668 kB), 5 downloads
File information
File name: FULLTEXT01.pdf
File size: 668 kB
Checksum (SHA-512): 93e1b7d53d5d41391e51b75198b4e99f6a6b88b1eb9da88222c4ff214a06796e366974af45f3a4ae383996d25af3bc69466ac4684af881454641947d56965515
Type: fulltext
Mimetype: application/pdf

Total: 5 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 42 hits