3 research outputs found
Towards a Threat Intelligence Informed Digital Forensics Readiness Framework
Digital Forensic Readiness (DFR) has received little attention by the research community, when compared to the core digital forensic investigation processes. DFR was primarily about logging of security events to be leveraged by the forensic analysis phase. However, the increasing number of security incidents and the overwhelming volumes of data produced mandate the development of more effective and efficient DFR approaches. We propose a DFR framework focusing on the prioritisation, triaging and selection of Indicators of Compromise (IoC) to be used in investigations of security incidents. A core component of the framework is the contextualisation of the IoCs to the underlying organisation, which can be achieved with the use of clustering and classification algoriihms and a local IoC database
Actionable Threat Intelligence for Digital Forensics Readiness
The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing Digital Forensic Readiness (DFR) schemes by leveraging the benefits of cyber threat information sharing. This paper employs a quantitative methodology to identify the most popular Threat Intelligence elements and introduces a formalized procedure to correlate these elements with potential digital evidence resulting in the quick and accurate identification of patterns of malware activities. While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics domain. The proposed model can help organizations to improve their digital forensic readiness posture and thus minimize the time and cost of cybercrime incident
Improving Forensic Triage Efficiency through Cyber Threat Intelligence
The complication of information technology and the proliferation of heterogeneous security
devices that produce increased volumes of data coupled with the ever-changing threat landscape
challenges have an adverse impact on the efficiency of information security controls and digital
forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI)and forensic
preparedness are the two parts of the so-called managed security services that defendants can employ
to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that
has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease
the time and cost of incident response and investigation. This paper builds upon and extends a
DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and
applicability of this model are evaluated through a series of experiments that employ malware-related
network data simulating real-world attack scenarios. To this extent, the model manages to identify
the root causes of information security incidents with high accuracy (90.73%), precision (96.17%)
and recall (93.61%), while managing to decrease significantly the volume of data digital forensic
investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI
can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient
mechanism that enhances operational DFR