Actionable threat intelligence for digital forensics readiness

Authors: Serketzis, N., Katos, V., Ilioudis, C., Baltatzis, D. and Pangalos, G.

http://eprints.bournemouth.ac.uk/31484/

Journal: Information and Computer Security

DOI: 10.1108/ICS-09-2018-0110

The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing Digital Forensic Readiness (DFR) schemes by leveraging the benefits of cyber threat information sharing.

This paper employs a quantitative methodology to identify the most popular Threat Intelligence elements and introduces a formalized procedure to correlate these elements with potential digital evidence, resulting in the quick and accurate identification of patterns of malware activities.

While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics domain.

The proposed model can help organizations to improve their digital forensic readiness posture and thus minimize the time and cost of cybercrime incidents.

This data was imported from Scopus:

Authors: Serketzis, N., Katos, V., Ilioudis, C., Baltatzis, D. and Pangalos, G.J.

http://eprints.bournemouth.ac.uk/31484/

Journal: Information and Computer Security

eISSN: 2056-497X

ISSN: 2056-4961

DOI: 10.1108/ICS-09-2018-0110

© 2019, Emerald Publishing Limited.

Purpose: The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing digital forensic readiness (DFR) schemes by leveraging the capabilities of cyber threat information sharing.

Design/methodology/approach: This paper uses a quantitative methodology to identify the most popular cyber threat intelligence (CTI) elements and introduces a lightweight approach to correlate those with potential forensic value, resulting in the quick and accurate triaging and identification of patterns of malicious activities.

Findings: While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics (DF) domain.

Originality/value: The proposed model can help organizations to improve their DFR posture, and thus minimize the time and cost of cybercrime incidents.

The data on this page was last updated at 04:52 on April 20, 2019.