Self-Encrypting Disks pose Self-Decrypting Risks: How to break Hardware-based Full Disk Encryption
Hardware-based full disk encryption (FDE) drives, such as Intel’s SSD 320 and 520 series, are widely believed to be a fast and secure alternative to software-based solutions like TrueCrypt and…
Advances in Forensic Data Acquisition
TLDR
This tutorial article by Felix Freiling et al. gives clear indications of what currently can be technically done and what cannot be done by police investigators. Editor’s note: You all know this from watching CSI: When a crime is committed, usually some form of digital evidence is left on devices such as computers, mobile phones, or the navigation system of a car a suspect has used.
A universal taxonomy and survey of forensic memory acquisition techniques
TLDR
We define a taxonomy of memory acquisition methods based on a well-defined partial order that generalizes the concept of ring-based privilege separation and provide a comprehensive survey of state-of-the-art memory acquisition techniques.
Introducing DINGfest: An architecture for next generation SIEM systems
TLDR
In this extended abstract, we identify these shortcomings and propose an architecture which addresses them.
Bringing Forensic Readiness to Modern Computer Firmware
Today’s computer systems come with a pre-installed tiny operating system, which is also known as UEFI. UEFI has slowly displaced the former legacy PC-BIOS while the main task has not changed: It is…
BMCLeech: Introducing Stealthy Memory Forensics to BMC
TLDR
This paper introduces BMCLeech, the first software that brings forensic memory acquisition onto the BMC which makes it very useful for incident response teams.
Characterizing the Limitations of Forensic Event Reconstruction Based on Log Files
TLDR
We study which types of events can be inferred from log files and which ones not.
Towards GDPR-compliant data processing in modern SIEM systems