Open Access

In today’s world, there are more and more IT systems that are interconnected to provide services to a wide variety of business classes. Since their services are usually inevitably linked to financial and political interests, the number of attacks aimed at disrupting or profiting from these and the associated systems in various ways is constantly increasing. In this paper we design and implement a framework for the comprehensive auditing of IT systems in system architectures of different enterprise classes. For our solution, we evaluate formal requirements regarding audit trails, provide concepts for the pseudonymisation of audit data, develop software components for E2E audit trails and finally present a secure system architecture based on Kubernetes and Istio in conjunction with the storage components ArangoDB and HashiCorp Vault to achieve an efficient framework for creating E2E audit trails.

Digital forensics of smartphones is of utmost importance in many criminal cases. As modern smartphones store chats, photos, videos etc. that can be relevant for investigations and as they can have storage capacities of hundreds of gigabytes, they are a primary target for forensic investigators. However, it is exactly this large amount of data that is causing problems: extracting and examining the data from multiple phones seized in the context of a case is taking more and more time. This bears the risk of wasting a lot of time with irrelevant phones while there is not enough time left to analyze a phone which is worth examination. Forensic triage can help in this case: Such a triage is a preselection step based on a subset of data and is performed before fully extracting all the data from the smartphone. Triage can accelerate subsequent investigations and is especially useful in cases where time is essential. The aim of this paper is to determine which and how much data from an Android smartphone can be made directly accessible to the forensic investigator – without tedious investigations. For this purpose, an app has been developed that can be used with extremely limited storage of data in the handset and which outputs the extracted data immediately to the forensic workstation in a human- and machine-readable format.

Phishing remains one of the most common and effective forms of social engineering, with cybercriminals constantly refining their tactics to exploit human vulnerabilities. The sheer volume of phishing attacks is staggering: almost 1.2% of all emails sent are malicious. This equates to around 3.4 billion phishing emails per day. The effectiveness of phishing attacks is also underlined by numerous studies. Phishing is identified as the leading initial attack vector, responsible for 41% of security incidents. This means that practically every company is threatened by phishing attacks.In parallel, there have been rapid advances in the field of artificial intelligence (AI) in recent years, giving the general public access to powerful tools that can handle complex tasks with ease. However, alongside these benefits, the potential for abuse has also become a major concern. The integration of AI into social engineering attacks has significantly increased the opportunities for cybercriminals. Research has shown that AI-generated phishing emails are difficult for humans to distinguish from real messages. According to one study, phishing emails written by AI were opened by 78% of recipients, with 21% clicking on malicious content such as links or attachments. Although the click-through rate is still lower compared to human-crafted emails, generative AI tools (GenAI) can help cybercriminals compose phishing emails at least 40% faster, which can lead to a significant increase in phishing success rates. The increasing potential to use public AI tools for abusive purposes has also been recognized by the developers of AI models. Thus, publicly available AI tools often have built-in mechanisms to detect and prevent misuse. This paper examines the potential for misuse of publicly available AI in the context of phishing attacks, focusing on the content generation phase. In particular, the study examines the effectiveness of existing abuse prevention mechanisms implemented by AI platforms like fine-tuning, filters, rejection sampling, system prompts and dataset filtering. To this end, it is explored how prompts to the AI need to be altered for circumventing the misuse preventing mechanisms. While in some cases the simple request to write a phishing email succeeds, other AI tools implement more sophisticated mechanisms. In the end, however, all prevention safeguards could be circumvented. The findings highlight the significant threat posed by AI-powered social engineering attacks and emphasize the urgent need for robust defense in depth strategies against phishing attacks and increased awareness to mitigate the risks in the evolving digital landscape.In addition, the paper demonstrates that the quality of the AI tool varies in terms of the phishing emails generated. To this end, the phishing emails generated by circumventing the protection mechanisms of the AI are (subjectively) compared and evaluated by the authors. The preliminary conclusion is that automatically generated phishing emails of some public AI tools can certainly match that of manually generated emails. While the objective confirmation of this hypothesis requires further study even the subjective quality of the generated phishing emails shows the dimension of the problem.

The work of an digital forensics expert is far more extensive and varied today than it was just a few years ago. Especially after hacking attacks on organizations, experts in DFIR (Digital Forensics and Incident Response) come into play. In this paper, we present a learning platform that enables people to learn DFIR from scratch. To achieve this goal, the content of the learning platform was defined, evaluated and prepared with the help of experts from industry and government. For this purpose, expert interviews were conducted, which were subsequently evaluated. The results of these interviews were incorporated into initial scenarios that were implemented in individual modules on the learning platform Ilias, with a distinction being made between the basics and the main DFIR part. In the basic part, an introduction to IT forensics is offered, which is supplemented by further technical modules. This includes training in the use of the Linux operating system, which is frequently used in digital forensics, as well as the acquisition and analysis of RAM iand hard disk images. In the main part, the focus is to apply the learnings from the basic sections and to enhance them with incident related knowledge for DFIR projects, in which digital forensics experts gather and analyse evidence on various systems of the attacked organizations by searching and gathering so-called IoCs (Indicators of Compromise) from log files and other sources. Once the analysis part is complete, and all evidence has been collected, cleanup, recovery and restart of systems may take place, which is handled in the last section of the main training module.