BMCLeech: Introducing Stealthy Memory Forensics to BMC

摘要

Several system management technologies have been introduced that leverage additional devices on the main board to asynchronously access and control the host's computing resources. One such prominent technology for server systems is the Baseboard Management Controller (BMC), a co-processors with some firmware that allows an administrator to monitor and administer a server remotely. This paper introduces BMCLeech, the first software that brings forensic memory acquisition onto the BMC which makes it very useful for incident response teams. BMCLeech is based on the open source BMC implementation OpenBMC and internally leverages the power of PCILeech, a well-known framework for memory acquisition via DMA. (C) 2020 The Author(s). Published by Elsevier Ltd.