Digital Forensic Techniques for Static Analysis of NTFS File System Images

Total Page:16

File Type:pdf, Size:1020Kb

Digital Forensic Techniques for Static Analysis of NTFS File System Images Forensic Identification and Detection of Hidden and Obfuscated Malware Mamoun Atef Alazab Bachelor degree of Computer Science Higher Diploma degree of Computer Science Master degree of Information Technology This thesis is submitted in total fulfilment of the requirements for the degree of Doctor of Philosophy School of Science, Information Technology and Engineering University of Ballarat PO Box 663 University Drive, Mount Helen Ballarat, Victoria 3353 Australia January 2012 Principal Supervisor: Dr Sitalakshmi Venkatraman Associate Supervisor: Associate Professor Paul Watters ii Statement of Authorship Except where explicit reference is made in the text of the thesis, this thesis contains no material published elsewhere or extracted in whole or in part from a thesis by which I have qualified for or been awarded another degree or diploma. No other person‘s work has been relied upon or used without due acknowledgement in the main text and bibliography of the thesis. Signed: Name: Dated: iii Forensic Identification and Detection of Hidden and Obfuscated Malware Mamoun Alazab January 2012 iv Dedication To my parents, who gave me what I need to get here. Your love and support have given me the biggest strength. v Acknowledgements During the duration of my PhD study I was blessed with a combination of excellent supervision, institutional assistance, inspirational colleagues, industry encouragement and a supportive family. I have been fortunate to have enjoyed this level of support throughout this endeavour. It is not possible to acknowledge everyone who has made a contribution to this study, but special thanks go to those who have given me generous support and encouragement during my time as a PhD student and during the process of writing this dissertation, who have supported me greatly during my PhD. It has been a difficult time and without them I could not have done it. First, special thanks to my wonderful parents: my dad and my mum who have provided much support and encouragements over the years. Very special recognition is due to my principal supervisor, Dr Sitalakshmi Venkatraman. Without her encouragement, mentorship and her continuous support, I doubt I would find myself here. I am indebted to Dr Venkatraman for her feedback, enthusiasm, editing skills, wisdom, insight and expertise in the field of computer security, without which this dissertation would undoubtedly be a lesser contribution to knowledge. I also thank her for her tireless support, motivation and encouragement throughout my studies, for the many hours she devoted in supervising my work, and for setting an exceptional role model in research excellence. I also would like to thank her for her 5 P‘s (Plan, Prepare, Passion, Persistence and Patience) and for reminding me when they were needed. vi My biggest thanks must be given to my Associate Professor Paul Watters for his unconditional support, respect and belief in me. I appreciate his vast profound knowledge and skills in many areas. I am greatly indebted for his valuable instructions and suggestions in my research work. I have learnt from him a lot not only about academic studies, but also the professional ethics. This research has been supported by IBM, Westpac, the Victorian Government and the Australian Federal Police, the shared communications between these sectors has been invaluable and has offered insight where blindness would have ensued. The team at Westpac in particular have been invaluable with their knowledge, insight and feedback, and have provided me with lots of opportunities to improve as a researcher and as a professional. I would like to express my heartfelt gratitude to Simon Brown of Westpac for his valuable ideas, suggestions, constant encouragement and guidance during my research work. Without such inputs, this thesis would not have reached the required practical applicability that has been achieved, which is an important aspect in cybercrime research. I would also like to thank numerous colleagues, who offered advice and constant encouragement, I would like to acknowledge the helpful support in particular: Kylie Turville, Rosemary Torney, Oarabile Maruatona, and Mofakharul Islam, for their patience, support, guidance and being a great friend throughout the last 3 years of my study and I hope to have the opportunity to continue to interact with all of them in the future. Special thanks to my colleague Robert Layton, who gave me support and assist at important times as research assistance during data collection and data analysis. vii I would like to thank my two brothers Ammar Alazab and Moutaz Alazab for being with me in this long journey and joining me in Australia to be as a family. Also, I would like to thank all my siblings; Abed Almajed Alazab, Omar Alazab, my only sister Remah Alazab, who have all given me support throughout my life, have helped to make this possible, and have ultimately made the end result mean much more than just obtaining a degree. Also, I would like to thank my patient and wonderful partner, Penny Butler, who copyedited my first PhD paper in this dissertation and proofread some of my emails, for her deep understanding, profound encouragements, unlimited support, constant belief, love, help, and patience. The wonderful staff of the University of Ballarat, those within the Research and Graduate Studies Office, in particular Diane Clingin and Elanor Mahon, and the School of Science, Information Technology and Engineering, in particular Prof. John Yearwood (Dean) with administrative support from Maxine Kingston, Yve Rowe and Rebecca Davis. The support offered by the Internet Commerce Security Laboratory team has been invaluable to me. Finally, I would also like to take this opportunity to thank the examiners for their time and devotion in regarding my PhD thesis. viii List of Publications The following papers, I author and co-author, which have been previously published or are currently in submission, are reprinted in this dissertation with the full permission of all co-authors of the papers: JOURNAL PUBLICATIONS 23- Mamoun Alazab, Shamsul Huda, Paul Watters, Sitalakshmi Venkataraman and John Yearwood ―A novel Malware detection using hybrid Wrapper-Filter approach and op-code frequency statistics based on extended x86 IA-32 binary assembly instructions‖, (submitted). 22- Salah Al-Hyari, Moutaz Alazab, Sitalakshmi Venkatraman, Mamoun Alazab, and Ammar Alazab ―Six Sigma Approach to Improve Quality in e-Services – An Empirical Study in Jordan‖ (Accepted) IGI Global, The International Journal of Electronic Government Research (IJEGR), 2011. 21- Salah Al-Hyari, Moutaz Alazab, Sitalakshmi Venkatraman, Mamoun Alazab, and Ammar Alazab ―Performance Evaluation of E-Government Services Using Balance Scorecard An Empirical Study Jordan E-Government‖ (Accepted) Benchmarking: an International Journa, Taylor & Francis, Local Government Studies, 2011. 20- Mamoun Alazab, Mohammad Alkadiri, and Sitalakshmi Venkatraman ―Multivariate Logistic regression model for Malware anomaly detection based on operation code instructions‖, (Submitted) Journal of Computing, 2011. 19- Said Elaiwat, Ammar Alazab, Sitalakshmi Venkatraman and Mamoun Alazab "Applying Genetic Algorithm for Optimizing Broadcasting Process in Ad-hoc Network", The International Journal of Recent Trends in Engineering and Technology, The Association of ix Computer Electronics and Electrical Engineers , ISSN: 1797-9617, Vol.4, No.1, 2010, pp. 68 – 72. 18- Mamoun Alazab, Sitalakshmi Venkataraman and Paul Watters ―Effective digital forensic analysis of the NTFS disk image‖, Ubiquitous Computing and Communication Journal, ISSN 1994-4608, Vol. 4, No. 3, 2009, pp. 551- 558. BOOK CHAPTERS 17- Mamoun Alazab, Paul Watters, Sitalakshmi Venkatraman, and Moutaz Alazab ―Malware Forensics: The Art of Detecting Hidden Maliciousness‖ Book Title: IT Security Governance Innovations: Theory and Research, (Accepted to publish), IGI Global, 2011. 16- Ammar Alazab, Sitalakshmi Venkatraman, Jemal Abawajy, and Mamoun Alazab "An Optimal Transportation Routing Approach using GIS-based Dynamic Traffic Flows", Book Title: Management Technology and Applications Proceedings of the International Conference on. In Rawani, A. & Zhang C. (Eds), ISBN 978-981-08-6884-0, Research Publishing Services, 2010, pp. 168 – 174. 15- Mofakharul Islam, Sitalakshmi Venkatraman and Mamoun Alazab ―Stochastic Model Based Approach for Biometric Identification‖, Book Title: Technological Developments in Networking, Education and Automation. In K. Elleithy, T. Sobh, M. Iskander, V. Kapila, M. A. Karim & A. Mahmood (Eds.) Engineering, ISBN: 978-90-481-9151-2, Springer Netherlands, 2010, pp. 303-308. 14- Mamoun Alazab, Mofakharul Islam, Sitalakshmi Venkatraman ―Towards Automatic Image Segmentation Using Optimised Region Growing Technique‖, Book Title: AI 2009: Advances in Artificial Intelligence. In A. Nicholson & X. Li (Eds.) Lecture Notes in x Computer Science, ISBN: 978-3-642-10438-1, Springer-Verlag Berlin Heidelberg, 2009, Vol.5866, pp. 131-139. CONFERENCE PUBLICATIONS 13- Mamoun Alazab, Sitalakshmi Venkatraman, Paul Watters, and Moutaz Alazab "Zero-day Malware Detection based on Supervised Learning Algorithms of API call Signatures" Ninth Australasian Data Mining Conference: AusDM 2011, CRPIT series, 1-2 December 2011, Ballarat, Victoria, Australia. 12- Mamoun Alazab, Paul Watters, Sitalakshmi Venkatraman, Ammar Alazab, and Moutaz Alazab ―Cybercrime: Current Trends of Malware Threats‖ International Conference in Global Security Safety and Sustainability / International
Recommended publications
  • NTFS • Windows Reinstallation – Bypass ACL • Administrators Privilege – Bypass Ownership
    Windows Encrypting File System Motivation • Laptops are very integrated in enterprises… • Stolen/lost computers loaded with confidential/business data • Data Privacy Issues • Offline Access – Bypass NTFS • Windows reinstallation – Bypass ACL • Administrators privilege – Bypass Ownership www.winitor.com 01 March 2010 Windows Encrypting File System Mechanism • Principle • A random - unique - symmetric key encrypts the data • An asymmetric key encrypts the symmetric key used to encrypt the data • Combination of two algorithms • Use their strengths • Minimize their weaknesses • Results • Increased performance • Increased security Asymetric Symetric Data www.winitor.com 01 March 2010 Windows Encrypting File System Characteristics • Confortable • Applying encryption is just a matter of assigning a file attribute www.winitor.com 01 March 2010 Windows Encrypting File System Characteristics • Transparent • Integrated into the operating system • Transparent to (valid) users/applications Application Win32 Crypto Engine NTFS EFS &.[ßl}d.,*.c§4 $5%2=h#<.. www.winitor.com 01 March 2010 Windows Encrypting File System Characteristics • Flexible • Supported at different scopes • File, Directory, Drive (Vista?) • Files can be shared between any number of users • Files can be stored anywhere • local, remote, WebDav • Files can be offline • Secure • Encryption and Decryption occur in kernel mode • Keys are never paged • Usage of standardized cryptography services www.winitor.com 01 March 2010 Windows Encrypting File System Availibility • At the GUI, the availibility
    [Show full text]
  • Minimum Hardware and Operating System
    Hardware and OS Specifications File Stream Document Management Software – System Requirements for v4.5 NB: please read through carefully, as it contains 4 separate specifications for a Workstation PC, a Web PC, a Server and a Web Server. Further notes are at the foot of this document. If you are in any doubt as to which specification is applicable, please contact our Document Management Technical Support team – we will be pleased to help. www.filestreamsystems.co.uk T Support +44 (0) 118 989 3771 E Support [email protected] For an in-depth list of all our features and specifications, please visit: http://www.filestreamsystems.co.uk/document-management-specification.htm Workstation PC Processor (CPU) ⁴ Supported AMD/Intel x86 (32bit) or x64 (64bit) Compatible Minimum Intel Pentium IV single core 1.0 GHz Recommended Intel Core 2 Duo E8400 3.0 GHz or better Operating System ⁴ Supported Windows 8, Windows 8 Pro, Windows 8 Enterprise (32bit, 64bit) Windows 10 (32bit, 64bit) Memory (RAM) ⁵ Minimum 2.0 GB Recommended 4.0 GB Storage Space (Disk) Minimum 50 GB Recommended 100 GB Disk Format NTFS Format Recommended Graphics Card Minimum 128 MB DirectX 9 Compatible Recommended 128 MB DirectX 9 Compatible Display Minimum 1024 x 768 16bit colour Recommended 1280 x 1024 32bit colour Widescreen Format Yes (minimum vertical resolution 800) Dual Monitor Yes Font Settings Only 96 DPI font settings are supported Explorer Internet Minimum Microsoft Internet Explorer 11 Network (LAN) Minimum 100 MB Ethernet (not required on standalone PC) Recommended
    [Show full text]
  • Mobility for the Masses Unleashing a World of Possibilities
    Mobility for the Masses Unleashing a World of Possibilities Uday Marty Director of Product Marketing Mobile Platforms Group Risk Factors Today’s presentations contain forward-looking statements. All statements made that are not historical facts are subject to a number of risks and uncertainties, and actual results may differ materially. Please refer to our most recent Earnings Release and our most recent Form 10-Q or 10-K filing available on our website for more information on the risk factors that could cause actual results to differ. Copyright © 2009 Intel Corporation Agenda • Today’s news • Current environment • The latest on Intel’s mobile platforms • Ultra-thin laptops come to the mainstream • Expanded wireless capability • Summary Copyright © 2009 Intel Corporation This presentation and materials related to it are under embargo until June 1, 2009, 9 p.m. PDT Copyright © 2009 Intel Corporation Today’s News What’s launching today: – Three new Intel® Core®2 Duo processors (T9900, P9700, and P8800) – New ULV Intel® Pentium® processor (SU2700) – New Mobile Intel® GS40 Express Chipset Enabling significant improvements in the four vectors of mobility – Extended performance leadership – Enabling Ultra-thin systems at mainstream price points – Enhancing battery life – Expanded wireless capabilities For more information, go to – http://www.intel.com/pressroom/kits/events/computex2009 Copyright © 2009 Intel Corporation Worldwide Mobile Growth Continues Mobile Shift Strong Across Mature and Emerging Markets Source: IDC Worldwide Quarterly PC
    [Show full text]
  • Refs: Is It a Game Changer? Presented By: Rick Vanover, Director, Technical Product Marketing & Evangelism, Veeam
    Technical Brief ReFS: Is It a Game Changer? Presented by: Rick Vanover, Director, Technical Product Marketing & Evangelism, Veeam Sponsored by ReFS: Is It a Game Changer? OVERVIEW Backing up data is more important than ever, as data centers store larger volumes of information and organizations face various threats such as ransomware and other digital risks. Microsoft’s Resilient File System or ReFS offers a more robust solution than the old NT File System. In fact, Microsoft has stated that ReFS is the preferred data volume for Windows Server 2016. ReFS is an ideal solution for backup storage. By utilizing the ReFS BlockClone API, Veeam has developed Fast Clone, a fast, efficient storage backup solution. This solution offers organizations peace of mind through a more advanced approach to synthetic full backups. CONTEXT Rick Vanover discussed Microsoft’s Resilient File System (ReFS) and described how Veeam leverages this technology for its Fast Clone backup functionality. KEY TAKEAWAYS Resilient File System is a Microsoft storage technology that can transform the data center. Resilient File System or ReFS is a valuable Microsoft storage technology for data centers. Some of the key differences between ReFS and the NT File System (NTFS) are: ReFS provides many of the same limits as NTFS, but supports a larger maximum volume size. ReFS and NTFS support the same maximum file name length, maximum path name length, and maximum file size. However, ReFS can handle a maximum volume size of 4.7 zettabytes, compared to NTFS which can only support 256 terabytes. The most common functions are available on both ReFS and NTFS.
    [Show full text]
  • Module 12: Using Advanced Windows Powershell Techniques
    Module 12: Using advanced Windows PowerShell techniques Lab: Practicing advanced techniques Exercise 1: Creating a profile script Task 1: Create a profile script • A script that performs these tasks is located at: E:\Mod12\Labfiles\10961C_Mod12_LabA_Ex1_LAK.txt Results: After completing this exercise, you should have created a profile script. Exercise 2: Verifying the validity of an IP address Task 1: Verify the validity of an IP address • A script that performs these tasks is located at: E:\Mod12\labfiles\10961C_Mod12_LabA_Ex2_LAK.txt. Results: After completing this exercise, you should have created a script that verifies the validity of an IP address. Exercise 3: Reporting disk information Task 1: Report disk information • A script that performs these tasks is located at: E:\Mod12\labfiles\10961C_Mod12_LabA_Ex3_LAK.txt. Results: After completing this exercise, you should have created a script that reports disk space on a server. Exercise 4: Querying NTFS permissions Task 1: Query NTFS permissions • A script that performs these tasks is located at: E:\Mod12\labfiles\10961C_Mod12_LabA_Ex4_LAK.txt. Results: After completing this exercise, you will have created a module that you can use to query NTFS permissions. Exercise 5: Creating user accounts with passwords from a CSV file Task 1: Create user accounts with a password from a CSV file • A script that performs these tasks is located at: E:\Mod12\labfiles\10961C_Mod12_LabA_Ex5_LAK.txt. Results: After completing this exercise, you will have created a script that will create new user accounts from a CSV file. Task 2: Prepare for the end of the course When you have finished the lab, revert the virtual machines to their initial state.
    [Show full text]
  • Paragon NTFS for Linux
    PARAGON Technologie GmbH, Systemprogrammierung Heinrich-von-Stephan-Str. 5c 79100 Freiburg, Germany Tel. +49 (0) 761 59018201 Fax +49 (0) 761 59018130 Internet www.paragon-software.com E-mail [email protected] Paragon NTFS for Linux #1 High-Performance Cross-platform Solution for PC, Key Features and Benefits NAS, Router, and HD Media Player OEMs/ODMs Full read/write access to Windows Network devices which can accommodate external storage are based upon (NTFS-formatted) HDDs under Linux kernels that do not support the file systems such external storage is normally formatted to. For example, Linux-based PCs, NAS devices, routers, and HD A pure kernel module –like native media players are incompatible with external HDDs formatted for NTFS Linux modules (*.o or *.ko) (Windows). To be competitive, OEMs/ODMs must find an effective bridge between the operating system or kernel their products are running and the Does not require additional libraries file systems that external storage is formatted to… High performance –better than FAT Over 10 years ago, Paragon Software Group recognized this need and developed a unique Universal File System Driver or UFSD™ technology which Low system requirements –16MB or provides full high-performance read/write access to file systems under less operating systems and kernels that do not support them, such as NTFS for Linux, Ext2/3FS for Mac OS X, HFS+ for Windows, etc. Small footprint <500KB Our most popular UFSD solution is Paragon NTFS for Linux, which enables Linux-based PCs and network devices to have full read/write access to NTFS- Short mount time formatted drives attached to them, with high performance as though they are native for Linux.
    [Show full text]
  • USB External Device Encryption Instructions Acceptable Use: HSC Security Practices Regarding the Encryption of External USB Devices
    USB External Device Encryption Instructions Acceptable Use: HSC Security Practices regarding the encryption of external USB devices • The Encrypted USB Storage Device may only be used for temporary storage and/or data transport of duplicate data. • A complex password must be used upon encryption, loss of the password will render the data on the USB unrecoverable. Further recovery safeguards are NOT APPLICABLE. Some things to note before getting started: • It is recommended that the USB device (Flash Drive/External HDD) be formatted to “NTFS” before saving data to the device and/or encrypting the device. Make sure that you have saved desired data from the USB Device before formatting the drive! There is no mechanism to restore the data from the USB Storage Device once it has been formatted. • The following steps must be performed on a Windows 10 [Ver. 1511] device or above that is connected to the Health domain for BitLocker encryption to work in our environment. Format the Device • Connect the USB device to the computer and locate the device in the File Explorer. • Right-click the external USB device, select “Format…”, and select the following options: o File system: NTFS o Volume label: *Something easily identifiable* o Format options: [Select] “Quick Format” Activate BitLocker • Locate the device in the File Explorer • Right-click the external USB device, select “Turn on BitLocker”, and select the following options: o Use a password to unlock the drive (This should be automatically selected if you are connected to the Health domain) o Enter a unique PIN, ensure that your new PIN meets the following requirements: .
    [Show full text]
  • Refs V2 Cloning, Projecting, and Moving Data
    ReFS v2 Cloning, projecting, and moving data J.R. Tipton [email protected] What are we talking about? • Two technical things we should talk about • Block cloning in ReFS • ReFS data movement & transformation • What I would love to talk about • Super fast storage (non-volatile memory) & file systems • What is hard about adding value in the file system • Technically • Socially/organizationally • Things we actually have to talk about • Context Agenda • ReFS v1 primer • ReFS v2 at a glance • Motivations for v2 • Cloning • Translation • Transformation ReFS v1 primer • Windows allocate-on-write file system • A lot of Windows compatibility • Merkel trees verify metadata integrity • Data integrity verification optional • Online data correction from alternate copies • Online chkdsk (AKA salvage AKA fsck) • Gets corruptions out of the namespace quickly ReFS v2 intro • Available in Windows Server Technical Preview 4 • Efficient, reliable storage for VMs: fast provisioning, fast diff merging, & tiering • Efficient erasure encoding / parity in mainline storage • Write tiering in the data path • Automatically redirect data to fastest tier • Data spills efficiently to slower tiers • Read caching • Block cloning • End-to-end optimizations for virtualization & more • File system-y optimizations • Redo log (for durable AKA O_SYNC/O_DSYNC/FUA/write-through) • B+ tree layout optimizations • Substantially more parallel • “Sparse VDL” – efficient uninitialized data tracking • Efficient handling of 4KB IO Why v2: motivations • Cheaper storage, but not
    [Show full text]
  • Bitlocker Management
    BitLocker Management Vista Full Volume Encryption Feature Overview BitLocker - Full Volume Encryption Vista Enterprise and Ultimate AD management & Key backup options Save recovery password to USB, Printer, or File Share TPM 1.2 – Enables Drive Tampering Protection WMI Interface Vista Tool compatibility MS Boot Loader, System Restore, Disk Management BitLocker Tools Manage-bde.wsf - RTM Add / Remove key protectors Tools from MS Premier Support Site: BitLocker Drive Preparation BitLocker Recovery Password Viewer BitLocker Repair Tool Searches HD for unlinked FVEKs BitLocker Group Policy Computer Config\Admin Templates\Windows Components\BitLocker Drive Encryption AD Key Backup Options Backup Recovery Password to AD Backup Key Package to AD Require Backup to AD before encryption is enabled Backup Recovery Password to Share Recovery Options Require Creation of Recovery Password - Default Require Creation of Recovery Key Package - Default BitLocker Group Policy Advanced Options Allow BitLocker without TPM Startup Key or Pin with TPM Encryption Method AES 128 Diffuser – Default Prevent Memory Overwrite on Restart – Disabled TPM Platform Validation –7 Default Metrics Rom Code MBR Code – not partition table Boot Manager TPM Group Policy Computer Config\Admin Templates\System\ Trusted Platform Module Backup TPM Owner information to AD Require backup 3 settings related to TPM blocked commands BDE Security and Compatibility BitLocker Tips AD Backup only occurs when BDE is enabled Or when TPM is initialized
    [Show full text]
  • Advantages and Disadvantages of EFS and Effective Recovery of Encrypted Data Whitepaper
    advantages and disadvantages of efs and effective recovery of encrypted data whitepaper Copyright (c) 2007 ElcomSoft Co.Ltd. Contents What is eFs? 3 eFs advantages and disadvantages 4 Data can be lost for good 5 how can one lose access to eFS-encrypted data? what is the eFS recovery agent? What to do in case of system failure? 7 possible actions to take Data decryption scheme Advanced eFs Data Recovery 8 About elcomsoft 10 AdvAntAges And disAdvAntAges of efs whitepaper 2 WhAt is eFs? One of the innovations in the Microsoft Windows 2000 and the NTFS 5.0 file system was the Encrypting File System (EFS) technology, which is designed to quickly encrypt files on the com- puter hard drive. NTFS by itself has built-in protection. However, as is frequently the case, it very quickly required additional security. The reason was the wide-spread use of NTFSDos-type utilities, which made it easy to circumvent the NTFS security system, gaining access to it through DOS, thus ignoring the set access rights. The EFS system uses both public and private key encryption and CryptoAPI architecture. EFS can use any symmetrical file encryption algorithm from the following list: Microsoft Windows 2000 used DESX, Windows XP used 3DES, and Windows XP SP1, 2003 and the new Windows Vista use AES. File encryption does not require the user to execute any preliminary operations. During the first encryption of the file, an encryption certificate and a private key are automatically issued for the user. One of the distinguishing convenient features of EFS is that the files remain encrypted when they are transferred to a different folder or to a different NTFS drive.
    [Show full text]
  • Windows Support for PM
    Windows Support for PM Tom Talpey, Microsoft Agenda Industry Standards Support PMDK Open Source Support Hyper-V Support SQL Server Support Storage Spaces Direct Support SMB3 and RDMA Support © 2018 SNIA Persistent Memory Summit. All Rights Reserved. 2 Windows PM Industry Standards Support JEDEC JESD 245, 245A: Byte Addressable Energy Backed Interface Defines the host to device interface and features supported for a NVDIMM-N UEFI 2.5 – 2.7 Label format Block Translation Table (BTT): sector atomicity support ACPI 6.0 – 6.2 NVDIMM Firmware Interface Table (NFIT) NVM Root and NVDIMM objects in ACPI namespace Address Range Scrub (ARS) Uncorrectable memory error handling Notification mechanism for NVDIMM health events and runtime detected uncorrectable memory error © 2018 SNIA Persistent Memory Summit. All Rights Reserved. 3 Windows PMDK Support PMDK open source library available on Windows Formerly Intel “NVML” (ref: Andy Rudoff’s talk earlier today) http://pmem.io Source and prebuilt binaries available via GitHub https://github.com/pmem/pmdk/ Application API’s for efficient use of PM hardware Most PMDK libraries (libpmem, etc) feature-complete on Windows Underlying implementation uses memory mapped files Access via native Windows DAX Libraries work in both PM and non-PM hardware environments Use case: simplified cross-platform application development © 2018 SNIA Persistent Memory Summit. All Rights Reserved. 4 Windows Hyper-V PM Support Supported in Windows Fall 2017 release Windows & Linux guests in generation 2 VMs see virtual PMEM (vPMEM) devices New VHD file type: .VHDPMEM Can convert between VHDX and VHDPMEM formats Using convert-vhd PowerShell cmdlet Admin decide at create time if the VHDPMEM file has a BTT VHDPMEM files can also be mounted as a SCSI device on the host for read/write access Each vPMEM device is backed by one .VHDPMEM file © 2018 SNIA Persistent Memory Summit.
    [Show full text]
  • End-User License Agreement for Microsoft Exfat/NTFS for USB by Paragon Software
    End-user License Agreement for Microsoft exFAT/NTFS for USB by Paragon Software This End-User License Agreement (‘EULA’) is a legally valid contract between the end user of the software and Paragon Software GmbH, Wiesentalstraße 22, D-79115 Freiburg (hereinafter referred to as «Paragon»). Please read this Agreement thoroughly before acquiring the software. Upon acquisition of the software, the following provisions will be deemed to have been agreed to with binding effect. 1. Copyright This software product, including any handbooks, instructions and/or other information material, is protected by copyright. Any copy protection present in the software, a copyright notice, a registration number recorded in it or other features serving to identify the program may not be removed. 2. License agreement Unless determined otherwise, Paragon grants the software’s end user the simple right to install the software on devices and use it for an unlimited period of time. The right to use is limited to the software’s object code. It will expire if the end user violates the conditions of use established in this Agreement. Paragon is not obligated to provide the end user with the source code. Unless determined otherwise in the following, the acquisition of this license does not entitle the end user to create and/or distribute copies of the software, transfer the software from one device to another by electronic means or over a network after its original download or installation on a device, modify, decompile, adapt or translate the software or combine it with other software, or reengineer or disassembly the software.
    [Show full text]