
Live forensics on the Windows 10 secure kernel.

Brendmo, Hans Kristian
Master thesis
View/Open
18109_FULLTEXT.pdf (817.2Kb)
18109_ATTACHMENT.zip (3.836Mb)
18109_COVER.pdf (1.556Mb)
URI
http://hdl.handle.net/11250/2448948
Date
2017
Collections
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi [1561]
Abstract
The thesis looks at the internals of the secure kernel, explores ways of performing live forensics on the secure kernel, and provides information on how to extract a full memory dump from a virtual machine running inside a nested hypervisor.

The thesis also provides software that is used in the investigation of the secure kernel, with demonstrations of how secure kernel memory is laid out.

The thesis also provides information on Secure Kernel Objects (SKOs), which are artifacts that could be useful for a forensic investigator wishing to understand the secure kernel.
Publisher
NTNU

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit
 

 
