https://github.com/tregua87/sgx-forensic

Collection of tools to perform memory analysis of machine SGX-enabled
https://github.com/tregua87/sgx-forensic

Last synced: about 1 month ago
JSON representation

Collection of tools to perform memory analysis of machine SGX-enabled

• Host: GitHub
• URL: https://github.com/tregua87/sgx-forensic
• Owner: tregua87
• Created: 2020-12-18T01:07:57.000Z (over 4 years ago)
• Default Branch: main
• Last Pushed: 2021-09-22T13:48:51.000Z (over 3 years ago)
• Last Synced: 2024-11-09T12:39:48.073Z (7 months ago)
• Language: Python
• Size: 260 KB
• Stars: 4
• Watchers: 3
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• Awesome-SGX-Open-Source - https://github.com/tregua87/sgx-forensic

README

        
# SGX MEMORY FORENSIC PROJECT

This project collects a set of tools for performing forensic memory analysis of SGX enclaves.

The project is structured as follow:

- [LiME for SGX machines](./lime): `./lime` contains a custom LiME version that traverses and dumps the SGX enclaves structure allocated by the kernel. Moreover, the tool attempts at donwloading the encalve page content if they are in DEBUG mode. The project handles the two Intel SGX driver released so far (i.e., isgx and DCAP).

- [Volatility Overlay Utilities](./volatility-module): `./volatility-module` contains the tools to create a Volatility Profile enabled to inspect the SGX encalve structures allocated at kernel side.

- [Volatility SGX Plugin](./volatility-plugin): `./volatility-plugin` contains a volatility plugin that analysis the enclave memory layout, extracts the ECALL/OCALL/ECREATE, and provides other forensic information.

- [Replicate Paper's Result](./EXPERIMENT.md): `EXPERIMENT.md` an installation guide to replicate the experiments in the paper.

The project is maintained by:

- Flavio Toffalini (https://github.com/tregua87)

- Andrea Oliveri (https://github.com/IridiumXOR/)