Lorenz Liebler successfully defended his Ph.D. thesis
23 Dezember 2021
Memory forensics is an important branch of digital forensics. Different concepts empower practitioners to perform deep analysis of potentially compromised systems by dissecting the acquired volatile memory of a target. The field mainly evolved in recent years and relies on the ambitious development of interfaces to extract and interpret structural information. In contrary, memory carving encompasses the extraction of artefacts or objects based on signatures or patterns. Even if structured analysis undoubtedly creates the foundation for deep insights into an acquired system, the overall concept bares some pitfalls and major implementation efforts. It should be desirable to back structured analysis by additional concepts of unstructured analysis and to introduce different concepts of data reduction similar to those in disk forensics. Therefore, this research investigates the transferability of Approximate Matching concepts to the field of memory forensics.
The Ph.D. thesis was carried out at the Faculty of Computer Science at Universität der Bundeswehr München (UniBW M); it was supervised by Prof. Dr. Harald Baier (UniBw M; CODE) and Prof. Dr. Felix Freiling (University of Erlangen–Nuremberg). Lorenz Liebler is a former member of the da/sec research group (h_da, University of Applied Sciences). He published 5 peer-reviewed papers during his thesis, e.g., at DFRWS EU.