| The ability to quickly validate embedded device firmware is crucial to maintaining the integrity of mission-critical systems. Extracting firmware from embedded devices for validation currently requires significant time and resources, and the devices are often destroyed during the extraction process. The taxonomy of firmware extraction methods presented in this dissertation provides a standard technique for evaluating firmware extraction methods in order to identify the ideal extraction method for an embedded device in a scenario of interest. The taxonomy serves as a managerial component in the larger framework of digital forensic research. The ability to easily compare firmware extraction methods provides an organization or individual the ability to analyze a situation, allocate time and resources appropriately, and validate decisions made in the laboratory.;This dissertation presents the motivation for embedded device security, background information about embedded devices and embedded device firmware, and five firmware extraction case studies. This information is used to develop and clarify the taxonomy described in this research. An example of the taxonomy usage is presented, and the taxonomy is evaluated to demonstrate that it satisfies the key requirements of a taxonomy. Test subjects representing the digital forensic community, for whom the taxonomy is developed, used the taxonomy to classify firmware extraction methods identified in three embedded device hardware analyses and employed in three scenarios. Their results demonstrate that the taxonomy has well defined terms and is comprehensible, unambiguous, mutually exclusive, generally repeatable, useful, and accepted. |
