Bringing Forensic Readiness to Modern Computer Firmware
By: Tobias Latzo, Florian Hantke, Lukas Kotschi and more
Potential Business Impact:
Lets investigators copy computer brain data.
Today's computer systems come with a tiny pre-installed operating system, also known as UEFI. UEFI has slowly displaced the legacy PC-BIOS, while its main task has not changed: it is responsible for booting the actual operating system. However, features like the network stack also make it useful for other applications. This paper introduces UEberForensIcs, a UEFI application that makes it easy to acquire memory from the firmware, similar to the well-known cold boot attacks. There is even UEFI code that the operating system calls at runtime, and we demonstrate how to utilize this for forensic purposes.
Similar Papers
UEFI Memory Forensics: A Framework for UEFI Threat Analysis
Cryptography and Security
Finds hidden computer viruses before they start.
Peacock: UEFI Firmware Runtime Observability Layer for Detection and Response
Cryptography and Security
Finds hidden computer viruses before they start.
Understanding the Security Landscape of Embedded Non-Volatile Memories: A Comprehensive Survey
Cryptography and Security
Makes computer memory harder to hack.