A Socio-Technical Perspective on Threat Intelligence Informed Digital Forensic Readiness

A Socio-Technical Perspective on Threat Intelligence Informed Digital Forensic Readiness

Nikolaos Serketzis (Aristotle University of Thessaloniki, Thessaloniki, Greece), Vasilios Katos (Bournemouth University, Poole, UK), Christos Ilioudis (Alexander Technological Educational Institute of Thessaloniki, Thessaloniki, Greece), Dimitrios Baltatzis (International Hellenic University, Thessaloniki, Greece) and George J. Pangalos (Aristotle University of Thessaloniki, Thessaloniki, Greece)
Copyright: © 2017 |Pages: 12
DOI: 10.4018/IJSS.2017070105
OnDemand PDF Download:
$30.00
List Price: $37.50

Abstract

In this article, a DFR framework is proposed focusing on the prioritization, triaging and selection of Indicators of Compromise (IoC) to be used when investigating of security incidents. A core component of the framework is the contextualization of the IoCs to the underlying organization, which can be achieved with the use of clustering and classification algorithms and a local IoC database.
Article Preview

In a seminal paper, Hutchins et al. (Hutchins, Cloppert, & Amin, 2011) proposed an approach for studying and improving incident response against APTs. They introduced a cyber kill chain which identifies a path comprised of 7 discrete and sequential phases an attacker follows to meet their adversarial goals. From a digital forensics perspective, the kill chain is particularly helpful in highlighting the following:

  • Every successful (to the attacker) phase is a direct consequence of the respective security control failures.

  • Detecting the security breach early in the chain infers low impact and potential damage.

  • Late detection of the security breach implies that there are more security failures. Hence the scope of the digital forensic artifact collection is wider.

For the remainder of this section, the relevant subtopics that will enable the key chain to leverage the proposed DFR framework are presented.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 4: 2 Issues (2017)
Volume 3: 2 Issues (2016)
Volume 2: 2 Issues (2015)
Volume 1: 2 Issues (2014)
View Complete Journal Contents Listing