Starting from Windows 11, the Trusted Platform Module (TPM) 2.0 has become a computer requirement, providing hardware-based security capabilities. This poses a challenge to digital forensics experts, as the amount of BitLocker-encrypted evidence protected by TPM tends to increase. This paper presents a forensic method for obtaining the BitLocker Volume Master Key (VMK) from TPM-protected evidence using Intel DCI technology and reverse engineering techniques. It shows how to enable Intel DCI in the firmware, reverse the Windows Boot Manager UEFI application, and debug the target computer using a USB 3 A–A cable to retrieve the VMK from memory. We have effectively applied the presented method on a computer with a 7th-generation Intel processor containing a BitLocker-encrypted volume with TPM protection and Windows 11 Pro. As a result, we were able to fully decrypt the BitLocker volume with the VMK and gain data access. We consider, however, that the success of the presented method depends on the ability to enable Intel DCI in the target computer, which may not be feasible in every system.
Advisor: Paulo Licio de Geus
Dissertation (master's) - Universidade Estadual de Campinas, Instituto de Matematica, Estatistica e Computação Cientifica
Made available in DSpace on 2018-08-03T07:51:22Z (GMT). No. of bitstreams: 1
Reis_MarceloAbdallados_M.pdf: 9429649 bytes, checksum: 45ad0b124a9f522bfcb276ea6509bef1 (MD5)
Previous issue date: 2003
Summary: Effective intrusion detection solutions continue to be pursued as computing environments become more complex and attackers continually adapt their techniques to overcome innovations in computer security. It is in this sense that the adoption of better security models, which more closely represent the conditions in which most computer networks find themselves (a hostile environment subject to failures), may represent a step in the direction of this search for effective intrusion detection solutions. The analogy between computer security and the human immune system is a rich source of inspiration for the development of new defense mechanisms, whether intrusion detection algorithms and techniques, security policies more attentive to the existence of flaws, or complete security systems. In general terms, when an unknown microbe is identified by the human immune system, a learning mechanism is applied with the aim of acquiring knowledge about the invader and generating a set of defense cells specialized in its detection. In this way, the immune memory is updated autonomously, allowing more efficient future identification of the same microbe. With the objective of mapping this learning characteristic to a computer security system based on the human immune model, this work presents a study towards understanding how to use computer forensics, in an automated manner, in the identification and characterization of an attack. The results of this research are the modeling of an immune security system, an extensible architecture for the development of an automated forensic analysis system, and an initial prototype that implements part of this architecture.
Abstract: The challenge faced by intrusion detection is the design of more effective solutions as computer systems become more complex and intruders continually adapt their techniques to overcome the innovations in computer security. In this sense, the adoption of better security models that closely resemble the conditions in which most computer networks find themselves (a hostile and flawed environment) may represent a step towards the design of better solutions for intrusion detection. The analogy between computer security and the human immune system provides a rich source of inspiration for the development of new defense strategies, be they intrusion detection algorithms and techniques, security policies more conscious of the existence of flaws, or integrated security systems. When an unknown microbe is identified by the human immune system, a learning mechanism is applied in order to acquire knowledge about the intruder and to generate a set of defense cells specialized in its detection. In this way, the immune memory is autonomously updated, allowing a more efficient detection of the same microbe in the future. In order to map this learning feature to a computer security system based on the human immune model, this dissertation presents research towards understanding how to use computer forensics, in an automated fashion, to identify and characterize a computer attack. The results of this research are the design model of a computer immune security system, an extensible architecture for the development of an automated forensic analyser, and a prototype that implements part of this architecture.
Master's
Master in Computer Science
Congresso de Administração, Sociedade e Inovação Moutinho Abdalla, Márcio; Teodoro, Pítias; Goncalves do Amaral, Marcelo ...
Revista de Administração, Sociedade e Inovação,
01/2022, Volume: 8, Issue: 1
Journal Article
AISI 4340 steel has been largely employed for structural purposes, which require resistance levels with yield strength above 1400 MPa, and it attains high levels of resistance in dual phase, bainitic or martensitic microstructural conditions. Samples of AISI 4340 steel with different microstructural conditions (martensitic, bainitic and ferritic/pearlitic) were submitted to fatigue tests in push-pull mode. Subsequently, new specimens underwent a shot peening surface treatment and new fatigue tests. The results are discussed in comparison across the three microstructural conditions studied and were related to a microstructural characterization. The results have shown that a shot peening treatment is not always beneficial to fatigue life, since there is a relationship between the compressive stresses developed on the surface and the roughness formed due to the deformations. Among the three microstructural conditions studied above, a strong fatigue life reduction was noticed in the martensitic condition because such a microstructure is considered less ductile.