skip to main content
10.1145/3098954.3098978acmotherconferencesArticle/Chapter ViewAbstractPublication PagesaresConference Proceedingsconference-collections
research-article

Memory carving can finally unveil your embedded personal data

Published: 29 August 2017 Publication History

Abstract

Smart cards are involved in most of activities, and they gather and record plenty of personal data. A manual interpretation of these raw data is difficult without specifications. This task becomes really tedious applied to plenty of devices. The paper introduces the first method to automatically retrieve textual information from memory dumps of smart cards. Given the data structure and encoding are assumed to be unknown, the method is based on text statistics and characteristics of smart cards to discard false positives. The experiments performed on more than 350 memory dumps revealed that the method can automatically retrieve more than 99% of textual information available in a dump, while keeping the false positive rate as low as 5.5%.

References

[1]
Gildas Avoine, Luca Calderoni, Jonathan Delvaux, Dario Maio, and Paolo Palmieri. 2014. Passengers information in public transport and privacy: Can anonymous tickets prevent tracking? International Journal of Information Management 34, 5 (2014), 682--688.
[2]
Mariusz Burdach. 2006. Physical memory forensics. (2006). https://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Burdach.pdf.
[3]
US Census. 2000. Frequently Occurring Surnames from the Census 2000. (2000). http://www.census.gov/topics/population/genealogy/data/2000_surnames.html.
[4]
Calypso CNA. Calypso. (????). http://www.calypsostandard.net/, Accessed June 1, 2017.
[5]
Michael I Cohen. 2007. Advanced carving techniques. Digital Investigation 4, 3 (2007), 119--128.
[6]
Digital Corpora. 2015. BULKEXTRACTOR. (2015). http://www.forensicswiki.org/wiki/Bulk_extractor.
[7]
Céline Delforge. 2009. La carte MOBIB mise à nu: le Ministre Smet doit s'expliquer. (2009). http://ecolo.be/?article1065.
[8]
EMVCo. 2015. EMV Specification. (2015). https://www.emvco.com/specifications.aspx.
[9]
Simson L Garfinkel. 2013. Digital media triage with bulk data analysis and bulk_extractor. Computers & Security 32 (2013), 56--72.
[10]
Thomas Gougeon, Morgan Barbier, Patrick Lacharme, Gildas Avoine, and Christophe Rosenberger. 2016. Memory carving in embedded devices: separate the wheat from the chaff. In ACNS, Vol. 9696. Springer, Guildford, UK, 592--608.
[11]
Belgium government. eidReader. (????). http://eid.belgium.be/en/using_your_eid, Accessed June 1, 2017.
[12]
ICAO. 2016. Doc 93003, Machine Readable Travel Documents. (2016). http://www.icao.int/publications/Documents/9303_p3_cons_en.pdf.
[13]
Jean-Louis Lanet, Guillaume Bouffard, Rokia Lamrani, Ranim Chakra, Afef Mestiri, Mohammed Monsif, and Abdellatif Fandi. 2014. Memory Forensics of a Java Card Dump. In Smart Card Research and Advanced Applications. Springer, Paris, France, 3--17.
[14]
Alain Pannetrat. 2015. CardPeek. (2015). http://pannetrat.com/Cardpeek/.
[15]
Rainer Poisel and Simon Tjoa. 2013. A Comprehensive Literature Review of File Carving. In ARES. IEEE, Regensburg, Germany, 475--484.
[16]
Openwall Project. 2016. John the Ripper. (2016). http://www.openwall.com/john/.
[17]
Wolfgang Rankl and Wolfgang Effing. 2004. Smart card handbook. John Wiley & Sons.
[18]
Gerard Salton and Christopher Buckley. 1988. Term-weighting approaches in automatic text retrieval. Information processing & management 24, 5 (1988), 513--523.
[19]
Ah-Hwee Tan. 1999. Text mining: The state of the art and the challenges. In Proceedings of the PAKDD 1999 Workshop on Knowledge Disocovery from Advanced Databases, Vol. 8. Springer, Beijing, China, 65--70.
[20]
Ton Van Deursen, Sjouke Mauw, and Sasa Radomirovic. 2011. mCarve: Carving Attributed Dump Sets. In USENIX Security Symposium. USENIX Association Berkeley, San Francisco, California, USA, 107--121.
[21]
Harry Zhang. 2004. The optimality of naive Bayes. In Proceedings of the Seventeenth International Florida Artificial Intelligence Research Society Conference. AAAI Press, Miami Beach, Florida, USA, 562--568.

Cited By

View all
  • (2017)Retrieving dates in smart card dumps is as hard as finding a needle in a haystack2017 IEEE Workshop on Information Forensics and Security (WIFS)10.1109/WIFS.2017.8267663(1-6)Online publication date: Dec-2017

Index Terms

  1. Memory carving can finally unveil your embedded personal data

      Recommendations

      Comments

      Information & Contributors

      Information

      Published In

      cover image ACM Other conferences
      ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and Security
      August 2017
      853 pages
      ISBN:9781450352574
      DOI:10.1145/3098954
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Publication History

      Published: 29 August 2017

      Permissions

      Request permissions for this article.

      Check for updates

      Author Tags

      1. Forensics
      2. binary analysis
      3. memory carving
      4. smart cards

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Conference

      ARES '17
      ARES '17: International Conference on Availability, Reliability and Security
      August 29 - September 1, 2017
      Reggio Calabria, Italy

      Acceptance Rates

      ARES '17 Paper Acceptance Rate 100 of 191 submissions, 52%;
      Overall Acceptance Rate 228 of 451 submissions, 51%

      Contributors

      Other Metrics

      Bibliometrics & Citations

      Bibliometrics

      Article Metrics

      • Downloads (Last 12 months)2
      • Downloads (Last 6 weeks)0
      Reflects downloads up to 15 Feb 2025

      Other Metrics

      Citations

      Cited By

      View all
      • (2017)Retrieving dates in smart card dumps is as hard as finding a needle in a haystack2017 IEEE Workshop on Information Forensics and Security (WIFS)10.1109/WIFS.2017.8267663(1-6)Online publication date: Dec-2017

      View Options

      Login options

      View options

      PDF

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      Figures

      Tables

      Media

      Share

      Share

      Share this Publication link

      Share on social media