Retrieving dates in smart card dumps is as hard as finding a needle in a haystack

This paper introduces a method to automatically retrieve dates from smart card memory dumps when the card specifications are unknown. It exploits specificities of smart cards, using a multi-dump analysis augmented with contextual information. The experiments performed on more than 180 real smart cards show that our method is highly successful in removing false positives.

[1]  Simon Tjoa,et al.  A Comprehensive Literature Review of File Carving , 2013, 2013 International Conference on Availability, Reliability and Security.

[2]  Philipp Wachter,et al.  Practicability study of android volatile memory forensic research , 2015, 2015 IEEE International Workshop on Information Forensics and Security (WIFS).

[3]  James Butler,et al.  Physical Memory Forensics for Files and Cache , 2011 .

[4]  Paolo Palmieri,et al.  Passengers information in public transport and privacy: Can anonymous tickets prevent tracking? , 2014, Int. J. Inf. Manag..

[5]  Jean-Louis Lanet,et al.  Memory Forensics of a Java Card Dump , 2014, CARDIS.

[6]  Joshua James,et al.  Challenges with Automation in Digital Forensic Investigations , 2013, ArXiv.

[7]  Christophe Rosenberger,et al.  Memory carving can finally unveil your embedded personal data , 2017, ARES.

[8]  Christophe Rosenberger,et al.  Memory Carving in Embedded Devices: Separate the Wheat from the Chaff , 2016, ACNS.

[9]  Farkhund Iqbal,et al.  Forensic analysis of xbox one and playstation 4 gaming consoles , 2016, 2016 IEEE International Workshop on Information Forensics and Security (WIFS).

[10]  Sjouke Mauw,et al.  mCarve: Carving Attributed Dump Sets , 2011, USENIX Security Symposium.

[11]  Fred D’Aguiar Calypso , 2019, Wasafiri.

[12]  Michael I. Cohen Advanced carving techniques , 2007, Digit. Investig..