Research Article
Forensically Sound Retrieval and Recovery of Images from GPU Memory
@INPROCEEDINGS{10.1007/978-3-319-25512-5_5, author={Yulong Zhang and Baijian Yang and Marcus Rogers and Raymond Hansen}, title={Forensically Sound Retrieval and Recovery of Images from GPU Memory}, proceedings={Digital Forensics and Cyber Crime. 7th International Conference, ICDF2C 2015, Seoul, South Korea, October 6--8, 2015, Revised Selected Papers}, proceedings_a={ICDF2C}, year={2015}, month={10}, keywords={GPU forensics Graphic recovery Volatile memory acquisition}, doi={10.1007/978-3-319-25512-5_5} }- Yulong Zhang
Baijian Yang
Marcus Rogers
Raymond Hansen
Year: 2015
Forensically Sound Retrieval and Recovery of Images from GPU Memory
ICDF2C
Springer
DOI: 10.1007/978-3-319-25512-5_5
Abstract
This paper adopts a method to retrieve graphic data stored in the global memory of an NVIDIA GPU. Experimentation shows that a 24-bit TIFF formatted graphic can be retrieved from the GPU in a forensically sound manner. However, like other types of Random Access Memory, acquired data cannot be verified due to the volatile nature of the GPU memory. In this work a Color Pattern Map Test is proposed to reveal the relationship between a graphic and its GPU memory organization. The mapping arrays derived from such testing can be used to visually restore graphics stored in the GPU memory. Described ‘photo tests’ and ‘redo tests’ demonstrate that it is possible to visually restore a graphic from the data stored in GPU memory. While initial results are promising, more work is still needed to determine if such methods of data acquisition within GPU memory can be considered forensically sound.
