Title: Postopki zajema in analiza ter pomen neobstojnih podatkov v digitalni forenziki : diplomsko delo visokošolskega strokovnega študija Informacijska varnost
Authors: Bogovčič, Gregor (Author)
Markelj, Blaž (Mentor)
Bernik, Igor (Co-mentor)
Files: VS_Bogovcic_Gregor_2015.pdf (1,78 MB)
MD5: 7CDFC305E797175CE53E5E265AEAE306
Language: Slovenian
Work type: Bachelor thesis/paper
Typology: 2.11 - Undergraduate Thesis
Organization: FVV - Faculty of Criminal Justice and Security
Abstract: In this diploma thesis we present the branch of digital forensics that deals with the acquisition, preservation and handling of volatile data. Volatile data is data held in volatile memory for as long as that memory has access to a power source. The moment power is cut, the data is lost gradually but relatively quickly. In the thesis we try to draw attention to the importance of volatile data in forensic investigations, since it includes, among other things, all the data and all the applications currently loaded and running. From a security standpoint, all active encryption keys and similar material are also stored in memory. We begin by briefly introducing the basic concepts of the field. We continue with a presentation of the procedure for acquiring volatile data, with emphasis also on planning the acquisition. We also present some software tools for acquiring and analysing images of working memory. We give a practical demonstration of acquiring volatile data from working memory by exploiting direct memory access (DMA) with the Inception software and a FireWire interface. We also present the Volatility software tool. We further carry out a practical analysis of memory images, using as examples the search for plaintext passwords, the search for hash values from the registry found in the memory image, and the carving of files from a memory image, and we perform a simple analysis of the Zeus Trojan horse using a previously acquired image of working memory.
Keywords: computer science, memory devices, data, volatile data, forensic investigations, digital forensics, diploma theses
Place of publishing: [Ljubljana
Place of performance: [Ljubljana
Publisher: G. Bogovčič]
Year of publishing: 2015
Year of performance: 2015
Number of pages: 64 pp.
PID: 20.500.12556/DKUM-55286
UDC: 343.983:004.33(043.2)
COBISS.SI-ID: 3053034
NUK URN: URN:SI:UM:DK:3KC4RF5I
Publication date in DKUM: 18.11.2015
Views: 1677
Downloads: 274
Categories: FVV

Secondary language

Language: English
Title: Methods of acquiring and analysing volatile data and the importance of volatile data in the field of digital forensics
Abstract: This graduation thesis deals with the research of digital forensics, specifically with volatile data in volatile memory. Volatile data is data that is stored in volatile memory only as long as the memory has access to a source of energy. The moment access to electricity is interrupted, the data in this type of memory is gradually, but relatively quickly, lost. In the thesis we try to present the importance of volatile data in volatile memory for forensic investigations, as this type of memory contains all the data from the applications that are currently running in the system. From the point of view of security, this data is important as it could contain active encryption keys etc. We briefly present some basic concepts of how memory works. We then continue with a presentation of methods of acquiring volatile data, with special emphasis on planning the data capture. We also present some of the software tools that are needed to acquire and analyze images of working memory. The practical part of the thesis includes acquiring volatile data from main memory through the exploitation of Direct Memory Access (DMA), using the Inception software and a FireWire interface. We also present the basic practical use of software tools such as Volatility for the purpose of carrying out analysis on the acquired memory images. Volatility is also used for acquiring plaintext passwords stored in memory images, searching for and extracting password hash values from the registry hives found in the memory image, carving files from a memory image and analyzing the Zeus Trojan horse with the help of memory forensic techniques.
Keywords: volatile memory, volatile data, memory forensics

