Starting with Windows 11, the Trusted Platform Module (TPM) 2.0 has become a computer requirement, providing hardware-based security capabilities. This poses a challenge to digital forensics experts, as the amount of BitLocker-encrypted evidence protected by TPM tends to increase. This paper presents a forensic method for obtaining the BitLocker Volume Master Key (VMK) from TPM-protected evidence using Intel DCI technology and reverse engineering techniques. It shows how to enable Intel DCI in the firmware, reverse the Windows Boot Manager UEFI application, and debug the target computer using a USB 3 A–A cable to retrieve the VMK from memory. We have effectively applied the presented method on a computer with a 7th-generation Intel processor containing a BitLocker-encrypted volume with TPM protection and Windows 11 Pro. As a result, we were able to fully decrypt the BitLocker volume with the VMK and gain data access. We consider, however, that the success of the presented method depends on the ability to enable Intel DCI in the target computer, which may not be feasible in every system.
The literature presents many systems developed to automate the process of generating multimedia hyperdocuments from live experiences; educational and meeting environments are the most common application domains. As reported, these systems do not address important characteristics related to the evolution of Web hyperdocuments, such as the possibility of constant updates to content and layout, and platform independence. This work aims to implement the eMeet/SERVE system, which automatically generates multimedia hyperdocuments from information captured in distributed meeting environments on the Web. eMeet/SERVE was implemented using the LAIAc architecture proposed in this work, which is able to support the evolution of the generated hyperdocuments. The interfaces of the hyperdocuments generated by eMeet/SERVE were developed from patterns and rules proposed in the literature. In addition, a synchronization mechanism was implemented in the hyperdocuments to allow adequate playback of the multimedia elements. The LAIAc architecture can be used by other systems associated with the automatic generation of hyperdocuments. With the completion of this work, eMeet/SERVE is ready for integration with other services implemented in the context of the larger project of which it is part, the InCA-SERVE Project, aiming at the continuous evolution of the automatically generated hyperdocuments.
The literature discusses many software systems developed to automate the process of generating multimedia hyperdocuments from live experiences; educational and meeting environments are the most common application domains. As reported, those systems do not present features considered important for the evolution of hyperdocuments associated with live experiences, such as support for constant updates of content or changes in layout, as well as platform independence. The work reported in this document aims at developing the eMeet/SERVE application, a system that allows the automatic generation of multimedia hyperdocuments from information captured in distributed meeting environments on the Web. The eMeet/SERVE system is implemented on top of the LAIAc architecture, also proposed in this work, an architecture enabled to support the evolution of the hyperdocuments. The presentation interfaces of the hyperdocuments have been developed according to state-of-the-art heuristics and guidelines. Moreover, a synchronization mechanism has been embedded in the hyperdocuments to allow the appropriate playback of multimedia objects. The LAIAc architecture itself can be used by other applications associated with the automatic generation of hyperdocuments. The eMeet/SERVE is part of the InCA-SERVE Project and, as implemented, it is ready to be integrated with other services implemented in the context of that project; the overall goal is to support the evolution of the automatically generated hyperdocuments.
With the recent amendment in Brazilian law, where possession of files containing child pornography is now considered a crime, the need to detect this type of content at crime scenes increased. This paper presents the NuDetective Forensic Tool, which was developed to assist forensic examiners in conducting such analysis in a timely manner at the crime scene. The tool performs automatic detection of nudity in images and also analyzes file names. Two evaluation experiments of the tool were performed and showed detection rates around 95%, with low rates of false positives, combined with fast processing.
The identification of child pornographic files at crime scenes can take a pedophile to jail immediately. However, this type of live analysis is a difficult task, since a computer storage device can actually store millions of files. The NuDetective Forensic Tool was developed for this purpose and provides satisfactory results in the identification of these files, especially images, through automatic nudity detection. However, this tool does not analyze video file content, which is a temporal medium, requiring a more complex analysis. In the literature, the main studies of automatic pornography detection in videos do not have speed as their primary purpose, and are not focused on the detection of child pornography. This work presents a new strategy for automatic detection of child pornographic videos. The new approach uses nudity detection on extracted video frames and statistics to perform the automatic identification of these illegal videos. Experiments showed that our new approach is quick enough to be performed at crime scenes with detection rates around 85%, bringing new benefits for forensic examiners in the identification of child pornographic files.