Self-Encrypting Disks pose Self-Decrypting Risks: How to break Hardware-based Full Disk Encryption
TLDR
It is shown that, depending on the configuration of a system, hardware-based full disk encryption is generally as insecure as software-based FDE, and a new class of surprisingly simple attacks is presented that exploits the fact that a self-encrypting drive does not notice when its SATA cable is replugged into a different computer.
Introducing DINGfest: An architecture for next generation SIEM systems
TLDR
This extended abstract identifies shortcomings in SIEM systems, proposes an architecture which addresses them, and seeks initial feedback from the community within the DINGfest project.
Advances in Forensic Data Acquisition
TLDR
In the past ten years there has been substantial development in the area of forensic data acquisition; the article summarizes it and gives clear indications of what police investigators currently can and cannot do technically.
Characterizing the Limitations of Forensic Event Reconstruction Based on Log Files
TLDR
An evaluation of a single GNU/Linux server running Apache and WordPress revealed that typical insider attacks in particular leave few traces in common log files, so using traces from selected system calls considerably increases the chance of incident detection.
Leveraging Intel DCI for Memory Forensics
TLDR
The possibility of leveraging DCI for the forensic acquisition of main memory is explored, and DCILeech, a tool that acquires system memory with high quality, is introduced; because it can halt the CPU, the acquired image exhibits no traces of concurrent system activity and can therefore be considered atomic.
Bringing Forensic Readiness to Modern Computer Firmware
TLDR
This paper introduces UEberForensIcs, a UEFI application that makes it easy to acquire memory from the firmware, similar to the well-known cold boot attacks.