Automated Live Acquisition of Volatile Data: Through the use of a programmable HID control chip
Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE creditsStudent thesis
This research lays a foundation for automated acquisition of volatile data by presenting a prototype device which carries out the deeds of a forensic investigator, essentially making it a “forensic investigator on a stick”. The Teensy 3.0 device is programmed to interact with an external USB device for storage purposes. All interaction with a live target system must be documented thoroughly according to forensic best practices. Therefore quantitative measurements of system contamination related to the device actions are presented. The device is conclusively able to perform a memory dump and provide a warning of the existence of Truecrypt encrypted containers.
Place, publisher, year, edition, pages
2013. , 31 p.
Automation, Live Acquisition, Volatile Data, Truecrypt, Memory Dump, Teensy
Other Engineering and Technologies not elsewhere specified
IdentifiersURN: urn:nbn:se:hh:diva-23264OAI: oai:DiVA.org:hh-23264DiVA: diva2:636272
Subject / course
Computer science and engineering
Bilstrup, Urban, Adjunkt
Weckstén, Mattias, Adjunkt