Florian P. Buchholz

Two forms of the chitinolytic enzyme N-acetyl-beta-D-glucosaminidase (NAGase, EC 3.2.1.52) have been isolated from the Antarctic krill, Euphausia superba, in order to study their potential role in temperature adaptation processes. A chromatographic protocol was developed that allowed complete separation of the two enzyme forms, named NAGase B and NAGase C.
The number of computer attacks has been growing dramatically as the Internet has grown. Attackers currently have little or no disincentive to conducting attacks because they are able to hide their location effectively by creating a chain of connections through a series of hosts. This method is effective because most current host audit systems do not…
In this paper we describe the design and implementation of Zeitline. Zeitline is a graphical timeline editor that allows a forensic investigator to create a timeline of events that were gathered from different sources, such as host MAC times, system logs, and firewalls. We present some background information, discuss the design of the tool, describe its…
To investigate the exploitation and contamination by self-propagating Internet worms, a provenance-aware tracing mechanism is highly desirable. Provenance unawareness causes difficulties in fast and accurate identification of a worm's break-in point (namely, a remotely-accessible vulnerable service running in the infected host); and incurs significant log…
In this paper we describe the first large-scale, long-term study of how hosts connected to the Internet manage their clocks. This is important for forensic investigations when there is a need for correlation of events collected from disparate sources, as well as for the correlation of computer events to "real" time. We have sampled over 8000 web servers…
Worms continue to be a leading security threat on the Internet. This paper analyzes several of the more widespread worms and develops a general life-cycle for them. The life-cycle, from the point of view of the victim host, consists of four stages: target selection, exploitation, infection, and propagation. While not all worms fall into this framework…