Monday, January 22, 2007

Link: Beyond The CPU: Cheating Hardware Based RAM Forensics

Joanna Rutkowska posted a blog entry titled "Beyond The CPU: Cheating Hardware Based RAM Forensics".

Here is the main point of the post:

The whole idea behind hardware based RAM acquisition is that the process of reading the memory is using Direct Memory Access (DMA) to read the physical memory. DMA, as the name suggests, does not involve CPU in the process of accessing memory. So, it seems to be a very reliable way for reading the physical memory…

But it is not! At least in some cases...

I look forward to reading her presentation about this after her BlackHat DC conference.

