Listing by author "Schinner, Alexander"
1 - 2 of 2
- Text document: A kernel driver modification to visualize and reconstruct data transfer between computer and USB mass storage devices (INFORMATIK 2021, 2021). Zöllner, Joshua; Petschke, Dmitry; Schinner, Alexander; Weber, Kristin; Mayer, Manuel. The aim of this work is to create a completely new method for analysing the physical access to USB mass storage devices and to reconstruct the file access from the logged data. This is achieved by replacing a real USB stick with a full software simulation based on a Raspberry Pi Zero using USB gadget mode. To achieve full information, we extended the logging capabilities of the Linux kernel driver. This allows logging the position and size of each read operation at the lowest possible level. For write operations, the written data is logged, too. This enables logging completely independent of the operating system or file system and allows a forensic image to be calculated that has time as an additional dimension. Further advantages of this method are that it is completely undetectable from the host computer and that random accesses bypassing a file system can also be logged. A reconstruction of the original file access is shown and the possibilities for new attack vectors are discussed.
- Text document: A Method for Evaluating and Selecting Software Tools for Remote Forensics (INFORMATIK 2021, 2021). Meyer, Maurice; Auth, Gunnar; Schinner, Alexander. In today’s networked system environments, remote access to possibly involved IT system components is a fundamental requirement for digital forensics. For conducting professional remote forensics investigations in large system landscapes, a growing number of software tools, both commercial and open source, is available today. On the other hand, reviews and comparisons of this special type of software tools are scarce. In support of finding the best-fitting remote forensics tool among the available solutions based on individual requirements and preconditions, this article presents a method for a criteria-based evaluation and selection process. While the method construction generally builds on established procedures for software evaluation and selection, the according criteria catalog including measurement procedures and weightings was derived from literature as well as considerations with experts from the IT security subsidiary of a large German telecom group. Furthermore, the method is demonstrated and validated by applying it to three selected software tools: Cynet, GRR Rapid Response and Velociraptor.