SPRING 2025 - Abstracts accepted

30 April 2025

Our extended abstracts on Quality of Inconsistencies in (Windows) Memory Dumps and Bringing AI into ForTrace++ – A Framework for Automatic Data Synthesis were accepted at the SPRING graduate workshop 2025. The first article presents the current work and future directions of quality of inconsistencies. The second article revolves around the use of AI-supported screen parsing tools in the data synthesis framework ForTrace++. Both abstracts were presented at the 15th SPRING graduate workshop in April 2025 in Nuremberg, Germany.

Authors: Lisa Rzepka and Harald Baier

Abstract:
Acquiring main memory is common during forensic investigations, as it typically contains valuable information which is hardly available by other methods, e.g., information about executed processes, running network connections or encryption keys. In practice the main memory is mostly obtained using kernel-level software tools which run concurrently to the system. This introduces a phenomenon called page smearing, i.e., content mismatches or inconsistencies, which may influence the subsequent forensic analysis of the acquired memory dumps. In order to measure the impact of inconsistencies on the analysis, suitable indicators and quality assessments are needed. This work presents the state of the art regarding inconsistency considerations and points to future directions.

Authors: Dennis Wolf and Harald Baier

Abstract:

Data sets play a critical role in the digital forensics community to train aspiring experts, and to validate new tools and software. Since manual data set creation is a time-consuming task, members of the digital forensics community strive continuously to automate their generation. The developments of vision language models and multimodal models like GPTv4 and their recent employment as GUI agents across different platforms raise the question whether these AI-methods can be used to enhance efficiency, flexibility and robustness of digital forensics data synthesis frameworks. In this paper we present a concept and an initial evaluation of an AI-supported screen parsing tool into the open-source data set generation framework ForTrace++. Our results indicate that this integration leads to much more reliable and robust data generation, enabling a significantly better interaction with diverse applications on different operating systems.

Aktuelles

FSI: Digital Investigation - Joint paper with ZITiS published

Our article "Towards reliable data in the scope of unmanned aircraft systems" is published in the FSI Digital Investigation Journal.

DFRWS EU 2025 - Paper accepted

Our paper on "A Scenario-based Quality Assessment of Memory Acquisition Tools and its Investigative Implications" was accepted for presentation at the DFRWS EU 2025.

Michael Mundt successfully defended his PHD thesis

On January 28th Michael Mundt defended his PhD thesis "On efficient and effective Cyber Threat Intelligence-based Mitigation of Data Exfiltration". Congratulations to the excellent grade (magna cum laude).

FSI: Digital Investigation - Two papers accepted

Our two articles on "Source Camera Identification" and "Optimising data set creation in the cybersecurity landscape with a special focus on digital forensics" have been accepted in the FSI Digital Investigation Journal.

NordSec 2024 - Paper accepted

We will present our work on Do-it-yourself drones in Karlstad (Sweden) at the NordSec 2024.

ForTrace Workshop @ DFRWS APAC 2024

We are offering a workshop at DFRWS APAC 2024 on our data synthesis framework ForTrace.