Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Trusted memory acquisition using UEFI
Blekinge Institute of Technology, Faculty of Computing, Department of Creative Technologies.
Blekinge Institute of Technology, Faculty of Computing, Department of Creative Technologies.
2014 (English)Student thesis
Abstract [en]

Context. For computer forensic investigations, the necessity of unmodified data content is of vital essence. The solution presented in this paper is based on a trusted chain of execution, that ensures that only authorized software can run. In the study, the proposed application operates in an UEFI environment where it has a direct access to physical memory, which can be extracted and stored on a secondary storage medium for further analysis. Objectives. The aim is to perform this task while being sheltered from influence from a potentially contaminated operating system. Methods. By identifying key components and establishing the foundation for a trusted environment where the memory imaging tool can, unhindered, operate and produce a reliable result Results. Three distinct states where trust can be determined has been identified and a method for entering and traversing them is presented. Conclusions. Tools that does not follow the trusted model might be subjected to subversion, thus they might be considered inadequate when performing memory extraction for forensic purposes.

Place, publisher, year, edition, pages
2014. , 30 p.
Keyword [en]
UEFI, Secure Boot, trust, computer forensics
National Category
Computer Science
Identifiers
URN: urn:nbn:se:bth-3582Local ID: oai:bth.se:arkivex60B493F52AF54C8AC1257D0800677023OAI: oai:DiVA.org:bth-3582DiVA: diva2:830892
Educational program
DVACD Master of Science in Computer Security
Uppsok
Technology
Supervisors
Available from: 2015-04-22 Created: 2014-07-01 Last updated: 2016-02-22Bibliographically approved

Open Access in DiVA

fulltext(552 kB)148 downloads
File information
File name FULLTEXT01.pdfFile size 552 kBChecksum SHA-512
3f1a19075e1b306f6f712b66b6f51a21456562fa283565553f6ba5e8f268ed54e377e8c275f4c7c3e6acc77e478b09c0d50e320bc0dac6b507d18c82d42e6b2a
Type fulltextMimetype application/pdf

By organisation
Department of Creative Technologies
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 148 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 364 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf