@inproceedings{LogenHoefkenSchuba2012,
  author    = {Logen, Steffen and H{\"o}fken, Hans and Schuba, Marko},
  title     = {Simplifying RAM Forensics : A GUI and Extensions for the Volatility Framework},
  series = {2012 Seventh International Conference on Availability, Reliability and Security (ARES), 20-24 August 2012, Prague, Czech Republic},
  booktitle = {2012 Seventh International Conference on Availability, Reliability and Security (ARES), 20-24 August 2012, Prague, Czech Republic},
  publisher = {IEEE},
  address   = {New York},
  isbn      = {978-1-4673-2244-7},
  doi       = {10.1109/ARES.2012.12},
  pages     = {620 -- 624},
  year      = {2012},
  abstract  = {The Volatility Framework is a collection of tools for the analysis of computer RAM. The framework offers a multitude of analysis options and is used by many investigators worldwide. Volatility currently comes with a command line interface only, which might be a hinderer for some investigators to use the tool. In this paper we present a GUI and extensions for the Volatility Framework, which on the one hand simplify the usage of the tool and on the other hand offer additional functionality like storage of results in a database, shortcuts for long Volatility Framework command sequences, and entirely new commands based on correlation of data stored in the database.},
  language  = {en}
}
@inproceedings{SchuetzBreuerHoefkenetal.2013,
  author    = {Sch{\"u}tz, P. and Breuer, M. and H{\"o}fken, Hans-Wilhelm and Schuba, Marko},
  title     = {Malware proof on mobile phone exhibits based on GSM/GPRS traces},
  series = {The Second International Conference on Cyber Security, Cyber Peacefare and Digital Forensic (CyberSec 2013) : 04.03. - 06.03.2013, Kuala Lumpur, Malaysia},
  booktitle = {The Second International Conference on Cyber Security, Cyber Peacefare and Digital Forensic (CyberSec 2013) : 04.03. - 06.03.2013, Kuala Lumpur, Malaysia},
  publisher = {The Society of Digital Information and Wireless Communication},
  isbn      = {978-0-9853483-7-3},
  pages     = {89 -- 96},
  year      = {2013},
  language  = {en}
}
@inproceedings{StoebeHoefkenSchubaetal.2013,
  author    = {St{\"o}be, Rolf and H{\"o}fken, Hans-Wilhelm and Schuba, Marko and Breuer, Michael},
  title     = {Artificial ageing of mobile devices using a simulated GSM/GPRS network},
  series = {Eighth International Conference on Availability, Reliability and Security (ARES) : 2-6 Sept. 2013, Regensburg},
  booktitle = {Eighth International Conference on Availability, Reliability and Security (ARES) : 2-6 Sept. 2013, Regensburg},
  publisher = {IEEE},
  pages     = {493 -- 497},
  year      = {2013},
  language  = {en}
}
@inproceedings{HartungHillgaertnerSchmitzetal.2014,
  author    = {Hartung, Frank and Hillg{\"a}rtner, Michael and Schmitz, G{\"u}nter and Schuba, Marko and Adolphs, Fabian and Hoffend, Jens and Theis, Jochen},
  title     = {IT-Sicherheit im Automobil},
  series = {AmE 2014 : Automotive meets Electronics, Beitr{\"a}ge der 5. GMM-Fachtagung vom 18. bis 19. Februar 2014 in Dortmund. (GMM-Fachbericht ; 78)},
  booktitle = {AmE 2014 : Automotive meets Electronics, Beitr{\"a}ge der 5. GMM-Fachtagung vom 18. bis 19. Februar 2014 in Dortmund. (GMM-Fachbericht ; 78)},
  publisher = {VDE-Verl.},
  address   = {Berlin},
  organization    = {VDE/VDI-Gesellschaft Mikroelektronik, Mikrosystem- und Feinwerktechnik (GMM)},
  isbn      = {978-3-8007-3580-8},
  pages     = {CD-ROM},
  year      = {2014},
  language  = {de}
}
@inproceedings{BonneyHoefkenPaffenetal.2015,
  author    = {Bonney, Gregor and H{\"o}fken, Hans-Wilhelm and Paffen, Benedikt and Schuba, Marko},
  title     = {ICS/SCADA Security - Analysis of a Beckhoff CX5020 PLC},
  series = {1st International Conference on Information Systems Security and Privacy : ICISSP 2015},
  booktitle = {1st International Conference on Information Systems Security and Privacy : ICISSP 2015},
  organization    = {International Conference on Information Systems Security and Privacy <1, 2015, Angers>},
  pages     = {1 -- 6},
  year      = {2015},
  language  = {en}
}
@inproceedings{LindenlaufHoefkenSchuba2015,
  author    = {Lindenlauf, Simon and H{\"o}fken, Hans-Wilhelm and Schuba, Marko},
  title     = {Cold Boot Attacks on DDR2 and DDR3 SDRAM},
  series = {10th International Conference on Availability, Reliability and Security (ARES) 2015},
  booktitle = {10th International Conference on Availability, Reliability and Security (ARES) 2015},
  doi       = {10.1109/ARES.2015.28},
  pages     = {287 -- 292},
  year      = {2015},
  language  = {en}
}
@inproceedings{BraunHoefkenSchubaetal.2015,
  author    = {Braun, Sebastian and H{\"o}fken, Hans-Wilhelm and Schuba, Marko and Breuer, Michael},
  title     = {Forensische Sicherung von DSLRoutern},
  series = {Proceedings of D-A-CH Security 2015. St. Augustin 8. und 9. September 2015},
  booktitle = {Proceedings of D-A-CH Security 2015. St. Augustin 8. und 9. September 2015},
  pages     = {11 S.},
  year      = {2015},
  language  = {de}
}
@inproceedings{BeckerHoefkenSchuetzetal.2016,
  author    = {Becker, Sebastian and H{\"o}fken, Hans-Wilhelm and Sch{\"u}tz, Philip and Schuba, Marko},
  title     = {IT-forensische Erkennung modifizierter Android-Apps},
  series = {Proceedings of DACH Security 2016, Klagenfurt, Austria, September 2016},
  booktitle = {Proceedings of DACH Security 2016, Klagenfurt, Austria, September 2016},
  editor    = {Schartner, P.},
  pages     = {120 -- 125},
  year      = {2016},
  abstract  = {Malware auf Smartphones ist ein Problem, dem auch Strafverfolgungsbeh{\"o}rden immer h{\"a}ufiger gegen{\"u}berstehen. Insbesondere Telefone, bei denen potentiell schadhafte Apps zu einem finanziellen Schaden gef{\"u}hrt haben, finden sich auf den Schreibtischen der Polizei wieder. Dabei m{\"u}ssen die Ermittler m{\"o}glichst schnell und gezielt erkennen k{\"o}nnen, ob eine App tats{\"a}chlich schadhaft manipuliert wurde, was manipuliert wurde und mit wem die App kommuniziert. Klassische Malware-Erkennungsverfahren helfen zwar bei der generellen Erkennung schadhafter Software, sind aber f{\"u}r die polizeiliche Praxis nicht geeignet. Dieses Paper stellt ein Programm vor, welches gerade die forensischen Fragestellungen ber{\"u}cksichtigt und so f{\"u}r den Einsatz in der Strafverfolgung in Frage kommt.},
  language  = {de}
}
@inproceedings{BonneyNagelSchuba2016,
  author    = {Bonney, Gregor and Nagel, Stefan and Schuba, Marko},
  title     = {Risiko Smart Home - Angriff auf ein Babymonitorsystem},
  series = {Proceedings of DACH Security 2016, Klagenfurt, Austria, September 2016},
  booktitle = {Proceedings of DACH Security 2016, Klagenfurt, Austria, September 2016},
  editor    = {Schartner, P.},
  pages     = {371 -- 378},
  year      = {2016},
  abstract  = {Unser Zuhause wird zunehmend intelligenter. Smart Homes bieten uns die Steuerung von Haus- oder Unterhaltungstechnik bequem vom Smartphone aus. Junge Familien nutzen die Technologie, um mittels vernetzten Babymonitorsystemen ihren Nachwuchs von {\"u}berall aus im Blick zu haben. Davon auszugehen, dass solche Systeme mit einem Fokus auf Sicherheit entwickelt wurden, um die sehr pers{\"o}nlichen Daten zu sch{\"u}tzen, ist jedoch ein Trugschluss. Die Untersuchung eines handels{\"u}blichen und keineswegs billigen Systems zeigt, dass die Ger{\"a}te sehr einfach kompromittiert und missbraucht werden k{\"o}nnen.},
  language  = {de}
}
@inproceedings{BroennerHoefkenSchuba2016,
  author    = {Broenner, Simon and H{\"o}fken, Hans-Wilhelm and Schuba, Marko},
  title     = {Streamlining extraction and analysis of android RAM images},
  series = {Proceedings of the 2nd international conference on information systems security and privacy},
  booktitle = {Proceedings of the 2nd international conference on information systems security and privacy},
  organization    = {ICISSP International Conference on Information Systems Security and Privacy <2, 2016, Rome, Italy>},
  isbn      = {978-989-758-167-0},
  doi       = {10.5220/0005652802550264},
  pages     = {255 -- 264},
  year      = {2016},
  language  = {en}
}