Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Actionable threat intelligence for digital forensics readiness

Actionable threat intelligence for digital forensics readiness The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing digital forensic readiness (DFR) schemes by leveraging the capabilities of cyber threat information sharing.Design/methodology/approachThis paper uses a quantitative methodology to identify the most popular cyber threat intelligence (CTI) elements and introduces a lightweight approach to correlate those with potential forensic value, resulting in the quick and accurate triaging and identification of patterns of malicious activities.FindingsWhile threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics (DF) domain.Originality/valueThe proposed model can help organizations to improve their DFR posture, and thus minimize the time and cost of cybercrime incidents. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information & Computer Security Emerald Publishing

Actionable threat intelligence for digital forensics readiness

Download PDF
19 pages

Loading next page...
 
/lp/emerald-publishing/actionable-threat-intelligence-for-digital-forensics-readiness-QfRngOyrbN
Publisher
Emerald Publishing
Copyright
© Emerald Publishing Limited
ISSN
2056-4961
DOI
10.1108/ics-09-2018-0110
Publisher site
See Article on Publisher Site

Abstract

The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing digital forensic readiness (DFR) schemes by leveraging the capabilities of cyber threat information sharing.Design/methodology/approachThis paper uses a quantitative methodology to identify the most popular cyber threat intelligence (CTI) elements and introduces a lightweight approach to correlate those with potential forensic value, resulting in the quick and accurate triaging and identification of patterns of malicious activities.FindingsWhile threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics (DF) domain.Originality/valueThe proposed model can help organizations to improve their DFR posture, and thus minimize the time and cost of cybercrime incidents.

Journal

Information & Computer SecurityEmerald Publishing

Published: May 28, 2019

Keywords: Information security; Cybersecurity; Cyber threat intelligence; Digital forensic readiness; Digital forensics; Indicators of compromise

References

  • RFC 5070. The incident object description exchange format
    Danyliw, L.; Demchenko, Y.
  • Exploring the opportunities and limitations of current threat intelligence platforms
  • Digital forensics research: the next 10 years
    Garfinkel, S.L.
  • Digital forensic readiness as a component of information security best practice
    Grobler, C.P.; Louwrens, C.P.
  • A framework to guide the implementation of proactive digital forensics in organizations
    Grobler, C.P.; Louwrens, C.P.; Von Solms, S.H.
  • IANA IPv4 Special-Purpose address registry
  • About fully qualified domain names (FQDNs)
  • Paper on searching and indexing using elasticsearch
    Kalyani, D.; Mehta, D.D.
  • A functional architecture for cloud forensic readiness large-scale potential digital evidence analysis
    Kebande, V.; Venter, H.S.
  • Towards a prototype for achieving digital forensic readiness in the cloud using a distributed NMB solution
    Kebande, V.; Ntsamo, H.S.; Venter, H.S.S.
  • Parallel in situ indexing for data-intensive computing
    Kim, J.; Abbasi, H.; Chacon, L.; Docan, C.; Klasky, S.; Liu, Q.; Podhorszki, N.
  • Utilizing a NoSQL data store for scalable log analysis
    Mahmood, K.; Risch, T.; Zhu, M.
  • Security analytics: big data analytics for cybersecurity: a review of trends, techniques and tools
    Mahmood, T.; Afzal, U.
  • Network intrusion detection: half a kingdom for a good dataset
    Małowidzki, M.; Berezi, P.; Mazur, M.
  • OpenIOC
  • STIX: a structured language for cyber threat intelligence
  • Automated Confidence Score Measurement of Threat Indicators
    Modi, A.; Doupé, A.
  • NoSQL database: new era of databases for big data analytics-classification, characteristics and comparison
    Moniruzzaman, A.B.M.; Hossain, S.A.
  • Type of NoSQL databases and its comparison with relational databases
    Nayak, A.; Poriya, A.; Poojary, D.
  • From relational to Neo4j
  • The modelling of a digital forensic readiness approach for wireless local area networks
    Ngobeni, S.; Venter, H.; Burke, I.
  • Open source HIDS SECurity
  • DTR - T001-01 technical report. A road map for digital forensic research
    Palmer, G.
  • Information assurance and forensic readiness
    Pangalos, G.; Katos, V.
  • The importance of cyber threat intelligence to a strong security posture
  • Big forensic data management in heterogeneous distributed systems: quick analysis of multimedia forensic data
    Quick, D.; Choo, K.R.
  • The architecture of a digital forensic readiness management system
    Reddy, K.; Venter, H.S.
  • A ten step process for forensic readiness
    Rowlingson, R.
  • Threat intelligence sharing platforms: An exploratory study of software vendors and research perspectives
    Sauerwein, C.; Sillaber, C.; Mussmann, A.; Breu, R.
  • A Socio-Technical perspective on threat intelligence informed digital forensic readiness
    Serketzis, N.; Katos, V.; Ilioudis, C.; Baltatzis, D.; Pangalos, G.J.
  • A system for the proactive, continuous, and efficient collection of digital forensic evidence
    Shields, C.; Frieder, O.; Maloof, M.
  • Requirements for a forensically ready cloud storage service
    Spyridopoulos, T.; Katos, V.
  • Stratosphere datasets
  • Trojan.Zbot
  • A survey on technical threat intelligence in the age of sophisticated cyber attacks
    Tounsi, W.; Rais, H.
  • 2018 Data breach investigations report
  • Big data analytics for sophisticated attack detection
    Virvilis, N.; Serrano, O.; Dandurand, L.
  • What is threat intelligence
    Wigmore, I.