Johannes Stüttgen

Learn More
Software based Memory acquisition on modern systems typically requires the insertion of a kernel module into the running kernel. On Linux, kernel modules must be compiled against the exact version of kernel headers and the exact kernel configuration used to build the currently executing kernel. This makes Linux memory acquisition significantly more complex(More)
The standard procedure for the acquisition of digital evidence in forensic investigations is to produce a bit-wise 1:1 copy of the original data on a digital storage device. This is often called imaging and becoming a bottleneck in modern digital investigations. The notion of selective imaging was introduced by Turner in 2005 and associated with the(More)
Im Oktober 2011 erregte die Veröffentlichung von Details über die inzwischen meist als BckR2D2 bezeichnete Schadsoftware öffentliches Aufsehen. Mitglieder des Chaos Computer Club e.V. veröffentlichten einen ersten Bericht über die Funktionsweise des Trojaners, dem weitere Analysen folgten. In dieser Arbeit geben wir einen Überblick über die bislang(More)
This document gives an overview over current research within the security group at Friedrich-AlexanderUniversity Erlangen-Nuremberg, Germany, and attempts to describe the future research roadmap of the group. This roadmap is structured around the landscape of cybercrime with its three main groups of actors (attackers, users and investigators) and their main(More)
To a great degree, research in memory forensics concentrates on the acquisition and analysis of kerneland user-space software from physical memory to date. With the system firmware, a much more privileged software layer exists in modern computer systems though that has recently become the target in sophisticated computer attacks more often. Compromise(More)
  • 1