jgru · December 3, 2025 11:05
diff --git a/publications-jgru.bib b/publications-jgru.bib
 @article{SchmitzG17,
    doi = {10.1155/2017/5879257},
    url = {https://doi.org/10.1155%2F2017%2F5879257},
    year = {2017},
    publisher = {Hindawi Limited},
    volume = {2017},
    pages = {1--10},
    author = {Roland Schmitz and Jan Gruber},
    title = {Commutative Watermarking-Encryption of Audio Data with Minimum Knowledge Verification},
    journal = {Advances in Multimedia}
 }

 @inproceedings{GruberF22a,
    author = {Gruber, Jan and Freiling, Felix},
    title = {Fighting Evasive Malware: How to Pass the Reverse Turing Test By Utilizing a VMI-Based Human Interaction Simulator},
    booktitle = {SICHERHEIT 2022},
    year = {2022},
    editor = {Wressnegger, C. and Reinhardt, D. and Barber, T. and Witt, B. C. and Arp, D. and Mann, Z. },
    pages = {49--64},
    doi = {10.18420/sicherheit2022_03},
    publisher = {Gesellschaft für Informatik e.V.},
    address = {Karlsruhe}
 }

 @article{GruberF22b,
    author = {Jan Gruber and Felix Freiling},
    title = {Fighting Evasive Malware},
    year = {2022},
    month = {5},
    volume = {46},
    number = {5},
    pages = {284--290},
    doi = {10.1007/s11623-022-1604-9},
    journal = {Datenschutz und Datensicherheit - {DuD}}
 }

 @inproceedings{DeuberGHRS22,
 author = {Deuber, Dominic and Gruber, Jan and Humml, Merlin and Ronge, Viktoria and Scheler, Nicole},
 booktitle = {Sixteenth International Workshop on Juris-informatics (JURISIN 2022)},
 date = {2022-06-13/2022-06-14},
 title = {{Argumentation} {Schemes} for {Blockchain} {Deanonymization}},
 venue = {Kyoto International Conference Center, Kyoto, Japan},
 year = {2022}
 }

 @article{GruberBF22,
    title = {Die polizeiliche Aufgabe und Pflicht zur digitalen Gefahrenabwehr},
    author = {Gruber, Jan and Brodowski, Dominik and Freiling, Felix C.},
    journal = {Zeitschrift f\"ur das gesamte Sicherheitsrecht (GSZ)},
    issn = {2567-3823},
    issue = {4},
    pages = {171--176},
    volume = {5},
    year = {2022}
 }

 @article{GruberVBF22,
    title = {Foundations of cybercriminalistics: From general process models to case-specific concretizations in cybercrime investigations},
    author = {Jan Gruber and Lena L. Voigt and Zinaida Benenson and Felix C. Freiling},
    year = 2022,
    journal = {Forensic Science International: Digital Investigation},
    volume = 43,
    pages = 301438,
    doi = {https://doi.org/10.1016/j.fsidi.2022.301438},
    issn = {2666-2817},
    url = {https://www.sciencedirect.com/science/article/pii/S2666281722001196},
    keywords = {Cybercriminalistics, Digital investigations, Investigative process, Knowledge management},
    abstract = {Despite spectacular stories of successful cyber operations by law enforcement agencies, we continue to be extremely inefficient in fighting cybercrime. The research community has contributed many abstract models to guide digital forensic analyses, but these are usually too abstract to be helpful in concrete cybercrime investigations since they do not give an immediate and straightforward translation of a confronted (digital) crime scene into viable yet promising criminalistic actions. We propose a method to systematically bridge the gap between high-level process models and the demands of actual investigations. The idea is to encode phenomenon-specific knowledge of cybercrime into node-link representations, thereby literally mapping the digital crime scene in well-founded visual representations – so-called cognitive maps. These can be used to derive a prioritized plan of action for targeted acquisition and analysis of case-relevant artifacts. To illustrate our approach, we present a cognitive map for the category of botnet crime and evaluate it with the help of domain experts and by applying it to two real-world cases.}
 }

 @incollection{Gruber23,
    author    = {Jan Gruber},
    title     = {{Identifizierung von Malware-Infrastruktur mittels verteilter Spamtrap-Systeme}},
    booktitle = {{Sicherheit in vernetzten Systemen: 30. DFN-Konferenz}},
    publisher = {BoD--Books on Demand},
    year      = {2023},
    editor    = {Albrecht Ude},
    pages     = {A1--A27},
    month     = {02},
    address   = {Hamburg},
 }


 @article{GruberHF23,
  author       = {Jan Gruber and
                  Christopher J. Hargreaves and
                  Felix C. Freiling},
  title        = {Contamination of digital evidence: Understanding an underexposed risk},
  journal      = {Forensic Sci. Int. Digit. Investig.},
  volume       = {44},
  number       = {Supplement},
  pages        = {301501},
  year         = {2023},
  url          = {https://doi.org/10.1016/j.fsidi.2023.301501},
  doi          = {10.1016/j.fsidi.2023.301501},
  timestamp    = {Tue, 23 May 2023 09:42:25 +0200},
  biburl       = {https://dblp.org/rec/journals/di/GruberHF23.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
 }

 @inproceedings{GruberHSF23,
    title = {Formal Verification of Necessary and Sufficient Evidence in Forensic Event Reconstruction},
    author = {Jan Gruber and Merlin Humml and Lutz Schr\"oder and Felix C. Freiling},
    booktitle = {Proceedings of the Digital Forensics Research Conference Europe (DFRWS EU)},
    year = 2023,
    month = {3},
    pages = {1--11},
    address = {Bonn},
    publisher = {dfrws.org},
    editor = {Edita Bajramovic and Ricardo J. Rodr\'{i}guez},
    url = {https://dfrws.org/presentation/formal-verification-of-necessary-and-sufficient-evidence-in-forensic-event-reconstruction/},
 }

 @article{GruberVF23,
    title = {{Faktoren erfolgreicher Cybercrime-Ermittlungen}},
    subtitle = {{Ergebnisse einer Expertenbefragung}},
    author = {Jan Gruber and Lena L. Voigt and Felix C. Freiling},
    year = {2023},
    month = {5},
    journal = {Kriminalistik},
    volume = {77},
    pages = {266--271},
    issn = {0023-4699}
 }

 @article{GruberH23,
    author = {Gruber, Jan and Humml, Merlin},
    title = {A Formal Treatment of Expressiveness and Relevance of Digital Evidence},
    month = {7},
    year = {2023},
    publisher = {Association for Computing Machinery},
    address = {New York, NY, USA},
    issn = {2692-1626},
    doi = {10.1145/3608485},
    url = {https://dl.acm.org/doi/10.1145/3608485},
    journal = {Digital Threats},
    keywords = {formal methods, digital investigations, cybercriminalistics, forensic computing, digital evidence}
 }

 @phdthesis{Gruber24,
  author  = {Gruber, Jan},
  title   = {Evidential Relevance and Expressiveness of Digital Traces: An Investigative Perspective},
  school  = {Friedrich-Alexander-Universität Erlangen-Nürnberg},
  year    = {2024}
 }

 @article{LindenmeierHGRF24,
 title = {Key extraction-based lawful access to encrypted data: Taxonomy and survey},
 journal = {Forensic Science International: Digital Investigation},
 volume = {50},
 pages = {301796},
 year = {2024},
 issn = {2666-2817},
 doi = {https://doi.org/10.1016/j.fsidi.2024.301796}
 }


 @article{LindenmeierGF24,
 author = {Lindenmeier, Christian and Gruber, Jan and Freiling, Felix},
 title = {InvesTEE: A TEE-supported Framework for Lawful Remote Forensic Investigations},
 year = {2024},
 publisher = {Association for Computing Machinery},
 address = {New York, NY, USA},
 url = {https://doi.org/10.1145/3680294},
 doi = {10.1145/3680294},
 abstract = {Remote forensic investigations, i.e., the covert lawful infiltration of computing devices, are a generic method to acquire evidence in the presence of strong defensive security. A precondition for such investigations is the ability to execute software with sufficient privileges on target devices. The standard way to achieve such remote access is by exploiting yet unpatched software vulnerabilities. This in turn puts other users at risk, resulting in a dilemma for state authorities that aim to protect the general public (by patching such vulnerabilities) and those that need remote access in criminal investigations. As a partial solution, we present a framework that enables privileged remote forensic access without using privileged exploits. The idea is to separate the remote forensic software into two parts: a Forensic Software, designed by law enforcement agencies to execute investigative actions, and a (privileged) Control Software, provided by the device vendor to selectively grant privileges to the Forensic Software based on a court warrant within the rules of criminal procedure. By leveraging trusted execution environments for running the Control Software in a tamper-proof manner, we enable trustful deployment and operation of remote forensic software. We provide a proof-of-concept implementation of InvesTEE that is based on ARMv8-A TrustZone.},
 journal = {Digital Threats},
 month = {jul},
 keywords = {remote forensics, digital investigations, trusted execution environments, cybercriminalistics}
 }

 @inproceedings{GruberF24,
    title = {The Cyber-traceological Model: A Model-based View of the Cybercriminalistic Task},
    author = {Jan Gruber and Felix Freiling},
    booktitle = {Proceedings of the Digital Forensics Research Conference Asia Pacific (DFRWS APAC)},
    year = 2024,
    month = {3},
    pages = {1--12},
    address = {Brisbane},
    publisher = {dfrws.org},
    editor = {Raymond Chan and Mariya Shafat and Leslie Sikos},
 }

 @inproceedings{VaniniGHBFB25,
  author       = {C{\'{e}}line Vanini and
                  Jan Gruber and
                  Christopher Hargreaves and
                  Zinaida Benenson and
                  Felix C. Freiling and
                  Frank Breitinger},
  title        = {Understanding Strategies and Challenges of Timestamp Tampering for
                  Improved Digital Forensic Event Reconstruction},
  booktitle    = {Proceedings of the Digital Forensics Doctoral Symposium, {DFDS} 2025,
                  Brno, Czech Republic, 1 April 2025},
  pages        = {10:1--10:8},
  publisher    = {{ACM}},
  year         = {2025},
  url          = {https://doi.org/10.1145/3712716.3712727},
  doi          = {10.1145/3712716.3712727},
  timestamp    = {Sat, 31 May 2025 23:09:12 +0200},
  biburl       = {https://dblp.org/rec/conf/dfds/VaniniGHBFB25.bib},
  bibsource    = {dblp computer science bibliography, https://dblp.org}
 }


 @article{GeusGWF25,
  title = {From sync to seizure: A binary instrumentation-based evaluation of the iCloud backup process},
  volume = {54},
  ISSN = {2666-2817},
  nourl = {http://dx.doi.org/10.1016/j.fsidi.2025.301978},
  DOI = {10.1016/j.fsidi.2025.301978},
  journal = {Forensic Science International: Digital Investigation},
  publisher = {Elsevier BV},
  author = {Geus,  Julian and Gruber,  Jan and Wozar,  Jonas and Freiling,  Felix},
  year = {2025},
  month = {10},
  pages = {301978}
 }
	@article{SchmitzG17,
	doi = {10.1155/2017/5879257},
	url = {https://doi.org/10.1155%2F2017%2F5879257},
	year = {2017},
	publisher = {Hindawi Limited},
	volume = {2017},
	pages = {1--10},
	author = {Roland Schmitz and Jan Gruber},
	title = {Commutative Watermarking-Encryption of Audio Data with Minimum Knowledge Verification},
	journal = {Advances in Multimedia}
	}

	@inproceedings{GruberF22a,
	author = {Gruber, Jan and Freiling, Felix},
	title = {Fighting Evasive Malware: How to Pass the Reverse Turing Test By Utilizing a VMI-Based Human Interaction Simulator},
	booktitle = {SICHERHEIT 2022},
	year = {2022},
	editor = {Wressnegger, C. and Reinhardt, D. and Barber, T. and Witt, B. C. and Arp, D. and Mann, Z. },
	pages = {49--64},
	doi = {10.18420/sicherheit2022_03},
	publisher = {Gesellschaft für Informatik e.V.},
	address = {Karlsruhe}
	}

	@article{GruberF22b,
	author = {Jan Gruber and Felix Freiling},
	title = {Fighting Evasive Malware},
	year = {2022},
	month = {5},
	volume = {46},
	number = {5},
	pages = {284--290},
	doi = {10.1007/s11623-022-1604-9},
	journal = {Datenschutz und Datensicherheit - {DuD}}
	}

	@inproceedings{DeuberGHRS22,
	author = {Deuber, Dominic and Gruber, Jan and Humml, Merlin and Ronge, Viktoria and Scheler, Nicole},
	booktitle = {Sixteenth International Workshop on Juris-informatics (JURISIN 2022)},
	date = {2022-06-13/2022-06-14},
	title = {{Argumentation} {Schemes} for {Blockchain} {Deanonymization}},
	venue = {Kyoto International Conference Center, Kyoto, Japan},
	year = {2022}
	}

	@article{GruberBF22,
	title = {Die polizeiliche Aufgabe und Pflicht zur digitalen Gefahrenabwehr},
	author = {Gruber, Jan and Brodowski, Dominik and Freiling, Felix C.},
	journal = {Zeitschrift f\"ur das gesamte Sicherheitsrecht (GSZ)},
	issn = {2567-3823},
	issue = {4},
	pages = {171--176},
	volume = {5},
	year = {2022}
	}

	@article{GruberVBF22,
	title = {Foundations of cybercriminalistics: From general process models to case-specific concretizations in cybercrime investigations},
	author = {Jan Gruber and Lena L. Voigt and Zinaida Benenson and Felix C. Freiling},
	year = 2022,
	journal = {Forensic Science International: Digital Investigation},
	volume = 43,
	pages = 301438,
	doi = {https://doi.org/10.1016/j.fsidi.2022.301438},
	issn = {2666-2817},
	url = {https://www.sciencedirect.com/science/article/pii/S2666281722001196},
	keywords = {Cybercriminalistics, Digital investigations, Investigative process, Knowledge management},
	abstract = {Despite spectacular stories of successful cyber operations by law enforcement agencies, we continue to be extremely inefficient in fighting cybercrime. The research community has contributed many abstract models to guide digital forensic analyses, but these are usually too abstract to be helpful in concrete cybercrime investigations since they do not give an immediate and straightforward translation of a confronted (digital) crime scene into viable yet promising criminalistic actions. We propose a method to systematically bridge the gap between high-level process models and the demands of actual investigations. The idea is to encode phenomenon-specific knowledge of cybercrime into node-link representations, thereby literally mapping the digital crime scene in well-founded visual representations – so-called cognitive maps. These can be used to derive a prioritized plan of action for targeted acquisition and analysis of case-relevant artifacts. To illustrate our approach, we present a cognitive map for the category of botnet crime and evaluate it with the help of domain experts and by applying it to two real-world cases.}
	}

	@incollection{Gruber23,
	author = {Jan Gruber},
	title = {{Identifizierung von Malware-Infrastruktur mittels verteilter Spamtrap-Systeme}},
	booktitle = {{Sicherheit in vernetzten Systemen: 30. DFN-Konferenz}},
	publisher = {BoD--Books on Demand},
	year = {2023},
	editor = {Albrecht Ude},
	pages = {A1--A27},
	month = {02},
	address = {Hamburg},
	}


	@article{GruberHF23,
	author = {Jan Gruber and
	Christopher J. Hargreaves and
	Felix C. Freiling},
	title = {Contamination of digital evidence: Understanding an underexposed risk},
	journal = {Forensic Sci. Int. Digit. Investig.},
	volume = {44},
	number = {Supplement},
	pages = {301501},
	year = {2023},
	url = {https://doi.org/10.1016/j.fsidi.2023.301501},
	doi = {10.1016/j.fsidi.2023.301501},
	timestamp = {Tue, 23 May 2023 09:42:25 +0200},
	biburl = {https://dblp.org/rec/journals/di/GruberHF23.bib},
	bibsource = {dblp computer science bibliography, https://dblp.org}
	}

	@inproceedings{GruberHSF23,
	title = {Formal Verification of Necessary and Sufficient Evidence in Forensic Event Reconstruction},
	author = {Jan Gruber and Merlin Humml and Lutz Schr\"oder and Felix C. Freiling},
	booktitle = {Proceedings of the Digital Forensics Research Conference Europe (DFRWS EU)},
	year = 2023,
	month = {3},
	pages = {1--11},
	address = {Bonn},
	publisher = {dfrws.org},
	editor = {Edita Bajramovic and Ricardo J. Rodr\'{i}guez},
	url = {https://dfrws.org/presentation/formal-verification-of-necessary-and-sufficient-evidence-in-forensic-event-reconstruction/},
	}

	@article{GruberVF23,
	title = {{Faktoren erfolgreicher Cybercrime-Ermittlungen}},
	subtitle = {{Ergebnisse einer Expertenbefragung}},
	author = {Jan Gruber and Lena L. Voigt and Felix C. Freiling},
	year = {2023},
	month = {5},
	journal = {Kriminalistik},
	volume = {77},
	pages = {266--271},
	issn = {0023-4699}
	}

	@article{GruberH23,
	author = {Gruber, Jan and Humml, Merlin},
	title = {A Formal Treatment of Expressiveness and Relevance of Digital Evidence},
	month = {7},
	year = {2023},
	publisher = {Association for Computing Machinery},
	address = {New York, NY, USA},
	issn = {2692-1626},
	doi = {10.1145/3608485},
	url = {https://dl.acm.org/doi/10.1145/3608485},
	journal = {Digital Threats},
	keywords = {formal methods, digital investigations, cybercriminalistics, forensic computing, digital evidence}
	}

	@phdthesis{Gruber24,
	author = {Gruber, Jan},
	title = {Evidential Relevance and Expressiveness of Digital Traces: An Investigative Perspective},
	school = {Friedrich-Alexander-Universität Erlangen-Nürnberg},
	year = {2024}
	}

	@article{LindenmeierHGRF24,
	title = {Key extraction-based lawful access to encrypted data: Taxonomy and survey},
	journal = {Forensic Science International: Digital Investigation},
	volume = {50},
	pages = {301796},
	year = {2024},
	issn = {2666-2817},
	doi = {https://doi.org/10.1016/j.fsidi.2024.301796}
	}


	@article{LindenmeierGF24,
	author = {Lindenmeier, Christian and Gruber, Jan and Freiling, Felix},
	title = {InvesTEE: A TEE-supported Framework for Lawful Remote Forensic Investigations},
	year = {2024},
	publisher = {Association for Computing Machinery},
	address = {New York, NY, USA},
	url = {https://doi.org/10.1145/3680294},
	doi = {10.1145/3680294},
	abstract = {Remote forensic investigations, i.e., the covert lawful infiltration of computing devices, are a generic method to acquire evidence in the presence of strong defensive security. A precondition for such investigations is the ability to execute software with sufficient privileges on target devices. The standard way to achieve such remote access is by exploiting yet unpatched software vulnerabilities. This in turn puts other users at risk, resulting in a dilemma for state authorities that aim to protect the general public (by patching such vulnerabilities) and those that need remote access in criminal investigations. As a partial solution, we present a framework that enables privileged remote forensic access without using privileged exploits. The idea is to separate the remote forensic software into two parts: a Forensic Software, designed by law enforcement agencies to execute investigative actions, and a (privileged) Control Software, provided by the device vendor to selectively grant privileges to the Forensic Software based on a court warrant within the rules of criminal procedure. By leveraging trusted execution environments for running the Control Software in a tamper-proof manner, we enable trustful deployment and operation of remote forensic software. We provide a proof-of-concept implementation of InvesTEE that is based on ARMv8-A TrustZone.},
	journal = {Digital Threats},
	month = {jul},
	keywords = {remote forensics, digital investigations, trusted execution environments, cybercriminalistics}
	}

	@inproceedings{GruberF24,
	title = {The Cyber-traceological Model: A Model-based View of the Cybercriminalistic Task},
	author = {Jan Gruber and Felix Freiling},
	booktitle = {Proceedings of the Digital Forensics Research Conference Asia Pacific (DFRWS APAC)},
	year = 2024,
	month = {3},
	pages = {1--12},
	address = {Brisbane},
	publisher = {dfrws.org},
	editor = {Raymond Chan and Mariya Shafat and Leslie Sikos},
	}

	@inproceedings{VaniniGHBFB25,
	author = {C{\'{e}}line Vanini and
	Jan Gruber and
	Christopher Hargreaves and
	Zinaida Benenson and
	Felix C. Freiling and
	Frank Breitinger},
	title = {Understanding Strategies and Challenges of Timestamp Tampering for
	Improved Digital Forensic Event Reconstruction},
	booktitle = {Proceedings of the Digital Forensics Doctoral Symposium, {DFDS} 2025,
	Brno, Czech Republic, 1 April 2025},
	pages = {10:1--10:8},
	publisher = {{ACM}},
	year = {2025},
	url = {https://doi.org/10.1145/3712716.3712727},
	doi = {10.1145/3712716.3712727},
	timestamp = {Sat, 31 May 2025 23:09:12 +0200},
	biburl = {https://dblp.org/rec/conf/dfds/VaniniGHBFB25.bib},
	bibsource = {dblp computer science bibliography, https://dblp.org}
	}


	@article{GeusGWF25,
	title = {From sync to seizure: A binary instrumentation-based evaluation of the iCloud backup process},
	volume = {54},
	ISSN = {2666-2817},
	nourl = {http://dx.doi.org/10.1016/j.fsidi.2025.301978},
	DOI = {10.1016/j.fsidi.2025.301978},
	journal = {Forensic Science International: Digital Investigation},
	publisher = {Elsevier BV},
	author = {Geus, Julian and Gruber, Jan and Wozar, Jonas and Freiling, Felix},
	year = {2025},
	month = {10},
	pages = {301978}
	}
No results found