Johannes Stüttgen

The standard procedure for the acquisition of digital evidence in forensic investigations is to produce a bit-wise 1:1 copy of the original data on a digital storage device. This is often called imaging, and it is becoming a bottleneck in modern digital investigations. The notion of selective imaging was introduced by Turner in 2005 and associated with the…
Software-based memory acquisition on modern systems typically requires the insertion of a kernel module into the running kernel. On Linux, kernel modules must be compiled against the exact version of the kernel headers and the exact kernel configuration used to build the currently executing kernel. This makes Linux memory acquisition significantly more complex…
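The header/configuration coupling described above is what the kernel enforces through a module's `vermagic` string: its first field is the release the module was built against, and the remaining fields encode configuration options such as SMP, preemption and modversions. The script below is an added example (not code from the paper or from any acquisition tool) showing the pre-flight check a practitioner runs before inserting an acquisition module; the module path `acquire.ko`, the `check_module` and `headers_present` helper names, and the sample vermagic strings are assumptions for illustration.

```shell
#!/bin/sh
# Added example: verify that a compiled acquisition module matches the
# kernel it is about to be loaded into. A mismatch is rejected by the
# kernel at insmod time ("Invalid module format"), so catching it here
# avoids touching the evidence system with a module that cannot load.

# Compare a module's vermagic string against a kernel release.
# Constructed example of a vermagic value:
#   "5.15.0-91-generic SMP mod_unload modversions"
# Its first field must equal `uname -r` of the target kernel.
vermagic_matches() {
    vermagic="$1"
    release="$2"
    built_for="${vermagic%% *}"
    [ "$built_for" = "$release" ]
}

# Check whether a usable kernel build tree (headers plus the generated
# configuration) for the given release is installed. The paths are the
# conventional ones for distribution header packages (assumption).
headers_present() {
    build_dir="/lib/modules/$1/build"
    [ -f "$build_dir/.config" ] && [ -f "$build_dir/include/generated/autoconf.h" ]
}

# Live check of a module file against the running kernel.
# Returns 0 on match, 1 on mismatch, 2 if vermagic cannot be read.
check_module() {
    ko="$1"
    release="$(uname -r)"
    vm="$(modinfo -F vermagic "$ko" 2>/dev/null)" || {
        echo "cannot read vermagic from $ko"
        return 2
    }
    if vermagic_matches "$vm" "$release"; then
        echo "OK: $ko was built for the running kernel $release"
        return 0
    fi
    echo "MISMATCH: $ko was built for '${vm%% *}', running kernel is '$release'"
    if headers_present "$release"; then
        echo "hint: headers for $release are installed; rebuild the module against them"
    else
        echo "hint: no build tree under /lib/modules/$release/build; install matching headers first"
    fi
    return 1
}

# Usage (hypothetical module path): check_module ./acquire.ko
```

Only the release field is compared here; the remaining vermagic fields are checked by the kernel itself and differ only when the module was built against a different configuration, which is exactly the case the paper describes.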
We present an approach for automatically cleaning systems that have been infected by malware. The basis for the cleanup is a malware analysis report, which can be produced by dynamic analysis of the malicious program with the help of a sandbox system. From this report, the information about the changes caused by the…
This document gives an overview of current research within the security group at Friedrich-Alexander-University Erlangen-Nuremberg, Germany, and attempts to describe the group's future research roadmap. This roadmap is structured around the landscape of cybercrime with its three main groups of actors (attackers, users and investigators) and their…
Keywords: Memory forensics; Memory acquisition; Live forensics; Firmware rootkits; Incident response

Abstract: To date, research in memory forensics has concentrated largely on the acquisition and analysis of kernel- and user-space software from physical memory. With the system firmware, a much more privileged software layer exists in modern computer…