Bringing Forensic Readiness to Modern Computer Firmware
- URL: http://arxiv.org/abs/2505.05697v1
- Date: Fri, 09 May 2025 00:17:54 GMT
- Title: Bringing Forensic Readiness to Modern Computer Firmware
- Authors: Tobias Latzo, Florian Hantke, Lukas Kotschi, Felix Freiling,
- Abstract summary: This paper introduces UEberForensIcs, a UEFI application that makes it easy to acquire memory from the firmware. There is even UEFI code called by the operating system during runtime, and we demonstrate how to utilize this for forensic purposes.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Today's computer systems come with a pre-installed tiny operating system, which is also known as UEFI. UEFI has slowly displaced the former legacy PC-BIOS while the main task has not changed: It is responsible for booting the actual operating system. However, features like the network stack make it also useful for other applications. This paper introduces UEberForensIcs, a UEFI application that makes it easy to acquire memory from the firmware, similar to the well-known cold boot attacks. There is even UEFI code called by the operating system during runtime, and we demonstrate how to utilize this for forensic purposes.
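Whichever way a firmware-resident tool reaches physical memory, it first has to decide which ranges are safe and worthwhile to read. The following is an added example, not code from the UEberForensIcs paper or its authors: it walks a UEFI memory map of the shape returned by EFI_BOOT_SERVICES.GetMemoryMap() and selects the RAM-backed regions an acquisition pass would dump, skipping MMIO and reserved ranges. The map itself is constructed for the example with a hypothetical 48-byte descriptor stride; the type constants and descriptor layout follow the UEFI specification.

```c
/*
 * Added example (not the paper's tool): select acquirable physical ranges
 * from a UEFI memory map. The sample map below is constructed for this
 * example; a real firmware tool obtains it from GetMemoryMap() at boot.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define EFI_PAGE_SIZE 4096ULL

/* EFI_MEMORY_TYPE values from the UEFI specification. */
enum {
    EfiReservedMemoryType = 0, EfiLoaderCode = 1, EfiLoaderData = 2,
    EfiBootServicesCode = 3, EfiBootServicesData = 4,
    EfiRuntimeServicesCode = 5, EfiRuntimeServicesData = 6,
    EfiConventionalMemory = 7, EfiUnusableMemory = 8,
    EfiACPIReclaimMemory = 9, EfiACPIMemoryNVS = 10,
    EfiMemoryMappedIO = 11, EfiMemoryMappedIOPortSpace = 12,
    EfiPalCode = 13, EfiPersistentMemory = 14
};

/* EFI_MEMORY_DESCRIPTOR; the 4-byte Pad reproduces the natural alignment gap after Type. */
typedef struct {
    uint32_t Type;
    uint32_t Pad;
    uint64_t PhysicalStart;
    uint64_t VirtualStart;
    uint64_t NumberOfPages;
    uint64_t Attribute;
} EfiMemoryDescriptor;

typedef struct { uint64_t start; uint64_t length; } AcquireRange;

/* RAM-backed types worth dumping. MMIO, port space and reserved regions are
 * skipped: reading them yields no evidence and can hang the platform. */
static int is_acquirable(uint32_t type) {
    switch (type) {
    case EfiLoaderCode: case EfiLoaderData:
    case EfiBootServicesCode: case EfiBootServicesData:
    case EfiRuntimeServicesCode: case EfiRuntimeServicesData:
    case EfiConventionalMemory: case EfiACPIReclaimMemory:
    case EfiACPIMemoryNVS: case EfiPersistentMemory:
        return 1;
    default:
        return 0;
    }
}

/* Walk the map with the firmware-reported descriptor_size stride, never
 * sizeof(EfiMemoryDescriptor): firmware may append fields, and the struct
 * size would misread every entry after the first. Physically adjacent
 * acquirable regions are merged. Returns the number of ranges written. */
size_t select_ranges(const uint8_t *map, size_t map_size, size_t descriptor_size,
                     AcquireRange *out, size_t max_out) {
    size_t n = 0;
    if (descriptor_size < sizeof(EfiMemoryDescriptor)) return 0;
    for (size_t off = 0; off + descriptor_size <= map_size; off += descriptor_size) {
        EfiMemoryDescriptor d;
        memcpy(&d, map + off, sizeof d);
        if (!is_acquirable(d.Type)) continue;
        uint64_t len = d.NumberOfPages * EFI_PAGE_SIZE;
        if (n > 0 && out[n - 1].start + out[n - 1].length == d.PhysicalStart) {
            out[n - 1].length += len;   /* contiguous: extend previous range */
        } else {
            if (n == max_out) break;
            out[n].start = d.PhysicalStart;
            out[n].length = len;
            n++;
        }
    }
    return n;
}

/* Constructed sample map; the 48-byte stride (8 bytes beyond the struct) is hypothetical. */
#define SAMPLE_DESC_SIZE 48
static uint8_t sample_map[5 * SAMPLE_DESC_SIZE];

static void put_desc(size_t i, uint32_t type, uint64_t start, uint64_t pages) {
    EfiMemoryDescriptor d = { type, 0, start, 0, pages, 0 };
    memset(sample_map + i * SAMPLE_DESC_SIZE, 0, SAMPLE_DESC_SIZE);
    memcpy(sample_map + i * SAMPLE_DESC_SIZE, &d, sizeof d);
}

const uint8_t *build_sample_map(size_t *size) {
    put_desc(0, EfiBootServicesData,    0x00000000, 0x10);  /* 64 KiB */
    put_desc(1, EfiConventionalMemory,  0x00010000, 0x7F0); /* contiguous up to 8 MiB */
    put_desc(2, EfiMemoryMappedIO,      0xFEE00000, 0x1);   /* local APIC window: skip */
    put_desc(3, EfiRuntimeServicesData, 0x10000000, 0x100); /* 1 MiB */
    put_desc(4, EfiReservedMemoryType,  0x10100000, 0x100); /* skip */
    *size = sizeof sample_map;
    return sample_map;
}

/* Total bytes an acquisition of this map would write. */
uint64_t total_acquirable(const uint8_t *map, size_t map_size, size_t desc_size) {
    AcquireRange r[16];
    size_t n = select_ranges(map, map_size, desc_size, r, 16);
    uint64_t total = 0;
    for (size_t i = 0; i < n; i++) total += r[i].length;
    return total;
}

int main(void) {
    size_t size;
    const uint8_t *map = build_sample_map(&size);
    AcquireRange r[16];
    size_t n = select_ranges(map, size, SAMPLE_DESC_SIZE, r, 16);
    for (size_t i = 0; i < n; i++)
        printf("dump 0x%012llx-0x%012llx (%llu bytes)\n",
               (unsigned long long)r[i].start,
               (unsigned long long)(r[i].start + r[i].length),
               (unsigned long long)r[i].length);
    return 0;
}
```

On the sample map this yields two ranges, 0x0 to 0x800000 (the boot-services and conventional entries merged) and 0x10000000 to 0x10100000, for 9 MiB in total. The stride check matters in practice: a tool that steps by sizeof(EfiMemoryDescriptor) on firmware that reports a larger DescriptorSize reads garbage types and starts, and may then try to dump a device window.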
Related papers
- UFO2: The Desktop AgentOS [60.317812905300336]
UFO2 is a multiagent AgentOS for Windows desktops that elevates into practical, system-level automation. We evaluate UFO2 across over 20 real-world Windows applications, demonstrating substantial improvements in robustness and execution accuracy over prior CUAs. Our results show that deep OS integration unlocks a scalable path toward reliable, user-aligned desktop automation.
arXiv Detail & Related papers (2025-04-20T13:04:43Z) - UEFI Memory Forensics: A Framework for UEFI Threat Analysis [22.944352324963546]
We introduce a framework for UEFI memory forensics. The proposed framework consists of two primary components: UefiMemDump, a memory acquisition tool, and UEFIDumpAnalysis, an extendable collection of analysis modules. Our work enables researchers and practitioners to investigate firmware-level threats, develop additional analysis modules, and advance overall below-OS security.
arXiv Detail & Related papers (2025-01-28T14:05:06Z) - Pandora's Box in Your SSD: The Untold Dangers of NVMe [0.3222802562733787]
We introduce the eNVMe platform, a malicious storage device.
The eNVMe platform features a novel, Linux-based, open-source firmware.
We uncover several attack vectors in Linux and Windows, highlighting the risks posed by malicious devices.
arXiv Detail & Related papers (2024-11-01T08:09:34Z) - Cognitive Kernel: An Open-source Agent System towards Generalist Autopilots [54.55088169443828]
We introduce Cognitive Kernel, an open-source agent system towards the goal of generalist autopilots. Unlike copilot systems, which primarily rely on users to provide essential state information, autopilot systems must complete tasks independently. To achieve this, an autopilot system should be capable of understanding user intents, actively gathering necessary information from various real-world sources, and making wise decisions.
arXiv Detail & Related papers (2024-09-16T13:39:05Z) - Securing Network-Booting Linux Systems at the Example of bwLehrpool and bwForCluster NEMO [0.0]
The universities of Baden-Württemberg are using stateless system remote boot for services such as computer labs and data centers.
The aim of this work is to establish trust within this network, focusing on server-client identity, confidentiality and image authenticity.
arXiv Detail & Related papers (2024-09-03T20:54:19Z) - OS-Copilot: Towards Generalist Computer Agents with Self-Improvement [48.29860831901484]
We introduce OS-Copilot, a framework to build generalist agents capable of interfacing with comprehensive elements in an operating system (OS)
We use OS-Copilot to create FRIDAY, a self-improving embodied agent for automating general computer tasks.
On GAIA, a general AI assistants benchmark, FRIDAY outperforms previous methods by 35%, showcasing strong generalization to unseen applications via accumulated skills from previous tasks.
arXiv Detail & Related papers (2024-02-12T07:29:22Z) - LLM as OS, Agents as Apps: Envisioning AIOS, Agents and the AIOS-Agent Ecosystem [48.81136793994758]
Large Language Model (LLM) serves as the (Artificial) Intelligent Operating System (IOS), or AIOS--an operating system "with soul"
We envision that LLM's impact will not be limited to the AI application level, instead, it will in turn revolutionize the design and implementation of computer system, architecture, software, and programming language.
arXiv Detail & Related papers (2023-12-06T18:50:26Z) - SoK: Security Below the OS -- A Security Analysis of UEFI [27.91463285974765]
We study a spectrum of UEFI-targeted attacks and proofs of concept (PoCs) for exploiting UEFI-related vulnerabilities.
We present a MITRE ATT&CK-like taxonomy delineating tactics, techniques, and sub-techniques in the context of UEFI attacks.
This paper seeks to clarify the complexities of UEFI and equip the cybersecurity community with the necessary knowledge to strengthen the security of this critical component against a growing threat landscape.
arXiv Detail & Related papers (2023-11-07T08:45:39Z) - FLEdge: Benchmarking Federated Machine Learning Applications in Edge Computing Systems [61.335229621081346]
Federated Learning (FL) has become a viable technique for realizing privacy-enhancing distributed deep learning on the network edge.
In this paper, we propose FLEdge, which complements existing FL benchmarks by enabling a systematic evaluation of client capabilities.
arXiv Detail & Related papers (2023-06-08T13:11:20Z) - OpenBox: A Python Toolkit for Generalized Black-box Optimization [50.88355903338381]
Black-box optimization (BBO) has a broad range of applications, including automatic machine learning, experimental design, and database knob tuning.
This paper presents OpenBox, an open-source BBO toolkit with improved usability.
It implements user-friendly interfaces and visualization for users to define and manage their tasks.
arXiv Detail & Related papers (2023-04-26T07:13:50Z) - PIMOD: A Tool for Configuring Single-Board Computer Operating System Images [0.7519268719195279]
We present PIMOD, a software tool for configuring operating system images for single-board computer systems.
The implementation of PIMOD is made public under a free and open source license.
arXiv Detail & Related papers (2020-10-15T15:52:25Z)
This list is automatically generated from the titles and abstracts of the papers in this site.