| Thomas Gougeon |  |
 |
Date of the talk: 8 September 2017, 10h30-11h30
Analyse forensique des mémoires de cartes ŕ puce
In our increasingly connected world, smart cards are involved in any everyday activity, and they gather and record plenty of personal data. The need to interpret the raw data of smart card memory has never been stronger. However, without the knowledge of the specifications, it is difficult to retrieve what are the information stored, their location, and the encoding used to store them. This talk presents a method retrieving the stored information in the non-volatile memory of smart cards. This information include dates (e.g., birth date or event date) and textual information (e.g., name, address). In order to retrieve this information, it is possible to perform an exhaustive decoding of the data with several decoding functions. Unfortunately, this technique generates a lot of false positives. Indeed, a false positive occurs when a decoding function is applied to data that have been encoded with another function. Three methods exploiting smart cards specificities to eliminate the false positives are presented. The first identifies cryptographic material in these non-volatile memories in order to prevent the false positives generated by the decoding of these cryptographic objects. The two others retrieve respectively textual information and dates in these memories. In order to validate these methods, they are applied on 371 memory dumps of real-life smart cards.
