Authors: Joe FitzPatrick
DFRWS USA 2019
Workshop Presented by Joe FitzPatrick
Sunday, July 14, 2019 15:15 – 17:15
Memory extraction is the first step to doing forensic analysis of a system. There’s a variety of tools (free and commercial, software and hardware) that assist this process, but what’s actually going on at the lowest levels?
We’ll start with a deep technical dive into how hardware devices access memory, and then we’ll walk through a few hands-on labs where we’ll extract memory from a target, identify mechanisms to patch the target, and finally make the modifications to the target’s memory. If time permits, we’ll use both PCIe and JTAG to access memory on an x86 development board. We’ll conclude with a discussion of current difficulties of memory extraction as well as some current and future bypasses of various protection mechanisms.
Joe FitzPatrick (@securelyfitz) is an Instructor and Researcher at SecuringHardware.com. Joe has spent over a decade working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent the past 5 years developing and leading hardware security-related training, instructing hundreds of security researchers, pen-testers, and hardware validators worldwide. When not teaching classes on applied physical attacks, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.