SiERRA - Automating and scaling forensic investigations at Siemens CERT

Recordings

https://www.youtube.com/watch?v=dSXrS2M4ymI&list=PL8N5HiRDvZ-dVdLNXf6kC3WDi8AWBS27g&index=9

Slides

/files/slides/001-08_7URCLN - Demian Kellermann_SiERRA.pptx

Abstract

Usually, a forensic investigation of a breach involves a lot of data conversions, loose files and the investigator's personal collection of favorite tools. This makes it hard to scale the investigation to many hosts, and results are inconsistent when the analysis work is shared across a team.

Over the last few years, we have wrapped all our tools into a common interface, defined the data flow between them and built comprehensive workflows out of these building blocks. We can now automatically process collected forensic data from the raw image into a plethora of useful reports, all in a single click.

Additionally, our platform offers a sleek interface to view the reports and the raw data, search the timeline and document our findings.
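The two paragraphs above describe a pattern rather than an implementation: every tool behind one interface, data flow declared per tool, workflows composed from those declarations and run over many hosts, with a timeline that can be searched afterwards. The following is an added example of that pattern written for this page; it is not SiERRA's code and does not invoke any real forensic tool. The tool names (`parse_image`, `build_timeline`, `summarise`), the artefact kinds (`raw_image`, `filesystem`, `timeline`, `report`) and the sample "images" are all hypothetical stand-ins constructed for the example.

```python
"""Minimal forensic processing pipeline: tools share one interface, declare
what artefact kind they consume and produce, and a planner chains them so the
same workflow runs on every host's image. Added example, not SiERRA's code;
tool names and artefact kinds are hypothetical."""
from __future__ import annotations
from collections import deque
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Artifact:
    kind: str   # artefact type, e.g. "raw_image" or "timeline"
    host: str   # the host this artefact was collected from
    data: Any


@dataclass(frozen=True)
class Tool:
    name: str
    consumes: str
    produces: str
    fn: Callable[[Any], Any]

    def run(self, art: Artifact) -> Artifact:
        # The common interface: every tool is Artifact -> Artifact, type-checked.
        if art.kind != self.consumes:
            raise TypeError(f"{self.name} expects {self.consumes}, got {art.kind}")
        return Artifact(self.produces, art.host, self.fn(art.data))


REGISTRY: dict[str, Tool] = {}


def tool(name: str, consumes: str, produces: str):
    """Decorator that wraps a plain function as a registered Tool."""
    def deco(fn):
        REGISTRY[name] = Tool(name, consumes, produces, fn)
        return fn
    return deco


def plan(start: str, goal: str) -> list[Tool]:
    """Breadth-first search over the declared data flow: shortest tool chain
    turning a `start` artefact kind into a `goal` kind."""
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        kind, chain = queue.popleft()
        if kind == goal:
            return chain
        for t in REGISTRY.values():
            if t.consumes == kind and t.produces not in seen:
                seen.add(t.produces)
                queue.append((t.produces, chain + [t]))
    raise ValueError(f"no workflow from {start} to {goal}")


def run_workflow(images: list[Artifact], goal: str) -> dict[str, Artifact]:
    """Run the planned chain on every host's image and key results by host."""
    out: dict[str, Artifact] = {}
    for art in images:
        for t in plan(art.kind, goal):
            art = t.run(art)
        out[art.host] = art
    return out


# Hypothetical stand-in tools; a real deployment would wrap external parsers.
@tool("parse_image", "raw_image", "filesystem")
def parse_image(raw):
    # raw: list of (path, mtime, size) records standing in for a parsed image
    return [{"path": p, "mtime": m, "size": s} for p, m, s in raw]


@tool("build_timeline", "filesystem", "timeline")
def build_timeline(files):
    events = ({"ts": f["mtime"], "event": "modified", "path": f["path"]} for f in files)
    return sorted(events, key=lambda e: e["ts"])


@tool("summarise", "timeline", "report")
def summarise(events):
    return {"events": len(events),
            "first": events[0]["ts"] if events else None,
            "last": events[-1]["ts"] if events else None}


def search_timeline(tl: Artifact, needle: str) -> list[dict]:
    """Substring search over one host's timeline, as a findings view would."""
    return [e for e in tl.data if needle in e["path"]]


# Constructed sample input: two hosts' "raw images" as (path, mtime, size) records.
SAMPLE_IMAGES = [
    Artifact("raw_image", "host-a", [
        ("C:/Windows/Temp/x.exe", "2024-05-01T10:00:00", 4096),
        ("C:/Users/alice/doc.txt", "2024-04-30T09:00:00", 120),
    ]),
    Artifact("raw_image", "host-b", [
        ("C:/Windows/Temp/x.exe", "2024-05-01T10:05:00", 4096),
    ]),
]

if __name__ == "__main__":
    for host, rep in run_workflow(SAMPLE_IMAGES, "report").items():
        print(host, rep.data)
    timeline_a = run_workflow(SAMPLE_IMAGES, "timeline")["host-a"]
    print(search_timeline(timeline_a, "Temp"))
```

Adding a tool means registering one function with its input and output kinds; the planner then picks it up for every host without any workflow being edited by hand, which is the property that makes scaling to many hosts and consistent results across a team possible.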

Using this approach, we have improved our ability to adapt quickly to big investigations and to keep track of progress throughout the collection, processing and documentation phases, while also making forensics more accessible to colleagues from IR.

Demian Kellermann

Demian has been working at Siemens CERT for 6 years as an incident responder and digital forensics analyst. For the past few years, he has also taken on the role of lead engineer for the team's efforts to automate and enhance its analysis processes.

In the past, he has also worked on digital forensics cases for Germany’s law enforcement agencies.