BMCLeech: Introducing Stealthy Memory Forensics to BMC

Latzo T, Brost J, Freiling F (2020)


Publication Type: Journal article

Publication year: 2020

Journal: Forensic Science International: Digital Investigation

Book Volume: 32

Journal Issue: S

DOI: 10.1016/j.fsidi.2020.300919

Open Access Link: https://www.sciencedirect.com/science/article/pii/S2666281720300147

Abstract

Several system management technologies have been introduced that leverage additional devices on the main board to asynchronously access and control the host's computing resources. One such prominent technology for server systems is the Baseboard Management Controller (BMC), a co-processor with some firmware that allows an administrator to monitor and administer a server remotely. This paper introduces BMCLeech, the first software that brings forensic memory acquisition onto the BMC, which makes it very useful for incident response teams. BMCLeech is based on the open source BMC implementation OpenBMC and internally leverages the power of PCILeech, a well-known framework for memory acquisition via DMA. (C) 2020 The Author(s). Published by Elsevier Ltd.

How to cite

APA:

Latzo, T., Brost, J., & Freiling, F. (2020). BMCLeech: Introducing Stealthy Memory Forensics to BMC. Forensic Science International: Digital Investigation, 32(S). https://dx.doi.org/10.1016/j.fsidi.2020.300919

MLA:

Latzo, Tobias, Julian Brost, and Felix Freiling. "BMCLeech: Introducing Stealthy Memory Forensics to BMC." Forensic Science International: Digital Investigation 32.S (2020).