47 research outputs found

    Towards a Threat Intelligence Informed Digital Forensics Readiness Framework

    Digital Forensic Readiness (DFR) has received little attention by the research community, when compared to the core digital forensic investigation processes. DFR was primarily about logging of security events to be leveraged by the forensic analysis phase. However, the increasing number of security incidents and the overwhelming volumes of data produced mandate the development of more effective and efficient DFR approaches. We propose a DFR framework focusing on the prioritisation, triaging and selection of Indicators of Compromise (IoC) to be used in investigations of security incidents. A core component of the framework is the contextualisation of the IoCs to the underlying organisation, which can be achieved with the use of clustering and classification algorithms and a local IoC database

    Improving Forensic Triage Efficiency through Cyber Threat Intelligence

    The complication of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data coupled with the ever-changing threat landscape challenges have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI) and forensic preparedness are the two parts of the so-called managed security services that defendants can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this extent, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while managing to decrease significantly the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR

    Actionable Threat Intelligence for Digital Forensics Readiness

    The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing Digital Forensic Readiness (DFR) schemes by leveraging the benefits of cyber threat information sharing. This paper employs a quantitative methodology to identify the most popular Threat Intelligence elements and introduces a formalized procedure to correlate these elements with potential digital evidence resulting in the quick and accurate identification of patterns of malware activities. While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics domain. The proposed model can help organizations to improve their digital forensic readiness posture and thus minimize the time and cost of cybercrime incident

    Challenges to evidence synthesis and identification of data gaps in human biomonitoring

    The increasing number of human biomonitoring (HBM) studies undertaken in recent decades has brought to light the need to harmonise procedures along all phases of the study, including sampling, data collection and analytical methods to allow data comparability. The first steps towards harmonisation are the identification and collation of HBM methodological information of existing studies and data gaps. Systematic literature reviews and meta-analyses have been traditionally put at the top of the hierarchy of evidence, being increasingly applied to map available evidence on health risks linked to exposure to chemicals. However, these methods mainly capture peer-reviewed articles, failing to comprehensively identify other important, unpublished sources of information that are pivotal to gather a complete map of the produced evidence in the area of HBM. Within the framework of the European Human Biomonitoring Initiative (HBM4EU) initiative—a project that joins 30 countries, 29 from Europe plus Israel, the European Environment Agency and the European Commission—a comprehensive work of data triangulation has been made to identify existing HBM studies and data gaps across countries within the consortium. The use of documentary analysis together with an up-to-date platform to fulfil this need and its implications for research and practice are discussed

    Diagnostic techniques for inflammatory eye disease: past, present and future: a review

    Investigations used to aid diagnosis and prognosticate outcomes in ocular inflammatory disorders are based on techniques that have evolved over the last two centuries and have dramatically evolved with the advances in molecular biological and imaging technology. Our improved understanding of basic biological processes of infective drives of innate immunity bridging the engagement of adaptive immunity have formed techniques to tailor and develop assays, and deliver targeted treatment options. Diagnostic techniques are paramount to distinguish infective from non-infective intraocular inflammatory disease, particularly in atypical cases. The advances have enabled our ability to multiplex assay small amount of specimen quantities of intraocular samples including aqueous, vitreous or small tissue samples. Nevertheless, to achieve diagnosis, techniques often require a range of assays from traditional hypersensitivity reactions and microbe specific immunoglobulin analysis to modern molecular techniques and cytokine analysis. Such approaches capitalise on the advantages of each technique, thereby improving the sensitivity and specificity of diagnoses. This review article highlights the development of laboratory diagnostic techniques for intraocular inflammatory disorders now readily available to assist in accurate identification of infective agents and appropriation of appropriate therapies as well as formulating patient stratification alongside clinical diagnoses into disease groups for clinical trials

    Periostin is identified as a putative metastatic marker in breast cancer-derived exosomes

    No full text
    Breast cancer (BrCa) is the most frequent cancer type in women and a leading cause of cancer related deaths in the world. Despite the decrease in mortality due to better diagnostics and palliative care, there is a lack of prognostic markers of metastasis. Recently, the exploitation of liquid biopsies and in particular of the extracellular vesicles has shown promise in the identification of such prognostic markers. In this study we compared the proteomic content of exosomes derived from metastatic and nonmetastatic human (MCF7 and MDA-MB-231) and mouse (67NR and 4T1) cell lines. We found significant differences not only in the amount of secreted exosomes but most importantly in the protein content of exosomes secreted from metastatic versus nonmetastatic ones. We identified periostin as a protein that is enriched in exosomes secreted by metastatic cells and validated its presence in a pilot cohort of breast cancer patient samples with localized disease or lymph node (LN) metastasis

    Crescentic glomerulonephritis and membranous nephropathy: a rare coexistence

    No full text
    Background: The coexistence of crescents and membranous glomerulonephritis (MGN) is a special characteristic in lupus nephritis. In the absence of the characteristic histological features of lupus nephritis, MGN with crescents should raise the possibility of two other histopathological entities: anti-GBM disease and necrotizing and crescentic glomerulonephritis. The last one includes patients with positive ANCA serology or not. Results and conclusions: Here, we describe a case of a male patient who presented with extrarenal vasculitis symptoms, acute renal failure, hematuria and nephrotic-range proteinuria. ANCA serology was positive, and the biopsy revealed crescentic vasculitis plus membranous nephropathy. Reviewing the whole literature about similar histological cases, we included 38 cases with ANCA-positive serology and 30 ones with no ANCA in serum. It seems that in the first category vasculitis symptoms predominate, while in the second one these symptoms are absent. Their histological features have no major differences. In any case, the clinical course of these patients is serious, and in most cases, immunosuppression is essential in order to avoid end-stage renal disease. © 2015, Springer Science+Business Media Dordrecht

    Twelve years' continuous wear of the same therapeutic soft contact lens: a case report

    No full text
    Purpose. To describe a case of a patient who had worn the same therapeutic soft contact lens (TSCL) continuously for twelve years, since he had failed to attend normal follow-up visits. Methods. Microbiological histological and scanning electron microscopic (SEM) studies of conjunctiva, cornea and TSCL were done. Results. Cultures were negative. Corneal histology revealed mild stromal edema and mild epithelial parakeratosis. Corneal SEM was remarkable for the preservation to some extent of normal corneal epithelial specialization with microtricae and microvillae. SEM of the TSCL showed a ruffed multi-layer surface with several cracks including different types of cells. Conclusions. The patient showed surprising tolerance to the continuous wear of the same contact lens for 12 years