An in-depth analysis of the cold boot attack: Can it be used for sound forensic memory acquisition?

12th May 202021st August 2011 by Forensic Focus

Abstract

The purpose of this technical memorandum is to examine the technical characteristics behind the cold boot attack technique and to understand when and how this technique should be applied to the field of computer forensic investigations. Upon thorough examination of the technique, the authors highlight its advantages, drawbacks, applicability and appropriateness for use in the acquisition of computer memory contents. The original cold boot attack paper, as conducted by a team of students and researchers in 2008, demonstrated the usefulness of computer memory remanence and how this phenomenon could be used to defeat popular disk encryptions tools and other data hiding techniques necessary for the safe storage of secret data and information. However, the technique is not a panacea and has many drawbacks dictated by the laws of physics, which cannot be overcome by the technique. The authors believe that a thorough understanding of this phenomenon will empower computer forensic investigators to take advantage of it when appropriate but also aim at dispelling various distortions surrounding it.

Keywords

Computer forensics, Memory acquisition, Cold boot attack, Software memory acquisition, Hardware memory acquisition, Flash freeze, Platform reset attack, Cold ghosting attack, Iceman attack

Author

Richard Carbone (forensicsrichard@gmail.com)

PDF Document Link

/stable/wp-content/uploads/2011/08/cold_boot_attack_for_forensiscs1.pdf

Latest Videos

Forensic Focus

Read more at https://www.forensicfocus.com/news/digital-forensics-round-up-may-01-2024/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_mZ35M6C_GA8

Digital Forensics News Round-Up, May 01 2024 #dfir #computerforensics

Forensic Focus 1st May 2024 5:30 pm

Marco Fontani joins the Forensic Focus podcast to discuss Amped Software’s latest AI-powered tool, DeepPlate. DeepPlate is a deep learning system designed to read license plates affected by common issues introduced by surveillance systems, making it a valuable asset for forensic video analysts.

Marco provides an in-depth overview of DeepPlate, explaining how it currently supports eight countries (France, Germany, Italy, the Netherlands, Spain, Sweden, the UK, and the United States) and how it uses separate models for each country to account for varying license plate formats. He also discusses the synthetic data generation process used for training the models, ensuring privacy and mitigating bias.

The conversation delves into the limitations and considerations when using AI-based tools in a forensic workflow, with Marco emphasizing the importance of bias mitigation techniques and proper interpretation of confidence scores. He stresses that DeepPlate is an investigative tool designed to provide a second opinion, rather than a tool for court admissibility.

00:00 – What is DeepPlate and what is its purpose?
02:45 – How many countries does DeepPlate currently support?
09:30 – What are the challenges of diplomatic and personalised number plates?
11:30 – How would a forensic video analyst use DeepPlate as part of their workflow?
13:40 – Can DeepPlate be used in Court?
16:30 – What is Amped Software’s position on AI?
19:00 – What will be the impact of updated models on results?
20:50 – What kind of data is used to train the system?
23:30 – How has the system been tested?
26:15 – What are the access conditions for using DeepPlate?
28:05 – Does Amped Software retain user data for DeepPlate and if yes for how long?
29:45 – Is it possible to buy additional seats for your license?
31:00 – What are the limitations and considerations when using AI-based tools like
DeepPlate for forensic and investigative purposes?
35:20 – Does Amped Software plan to use AI in other areas?

Show Notes

Washington State Judge Blocks Use Of AI-Enhanced Video As Evidence In Possible First-Of-Its-Kind-Ruling - https://www.linkedin.com/feed/update/urn:li:activity:7181308834370494464/

Neural Network for Denoising and Reading Degraded License Plates - https://link.springer.com/chapter/10.1007/978-3-030-68780-9_39

Introducing DeepPlate, Amped’s Investigative Tool for AI-Powered License Plate Reading - https://blog.ampedsoftware.com/2024/02/28/introducing-deepplate-ampeds-investigative-tool-for-ai-powered-license-plate-reading

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_OVTrTRCC5ZQ

AI-Powered License Plate Reading With Amped DeepPlate

Forensic Focus 30th April 2024 9:58 am

Read more at https://www.forensicfocus.com/news/forensic-focus-digest-april-26-2024/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_s6w2CK1wraA

Forensic Focus Digest, April 26 2024 #digitalforensics #dfir

Forensic Focus 26th April 2024 3:35 pm

Load More... Subscribe

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feeds settings page to add an API key after following these instructions.