D4I - Digital forensics framework for reviewing and investigating cyber attacks

Many companies have cited lack of cyber-security as the main barrier to Industrie 4.0 or digitalization. Security functions include protection, detection, response and investigation. Cyber-attack investigation is important as it can support the mitigation of damage and the maturing of future prevention approaches. Nowadays, the investigation of cyber-attacks has evolved more than ever, leveraging combinations of intelligent tools and digital forensics processes. Intelligent tools (e.g., YARA rules and Indicators of Compromise) are effective only when there is prior knowledge about the software and mechanisms used in the cyber-attack, i.e., they are not attack-agnostic. Therefore, the effectiveness of these intelligent tools is inversely proportional to the number of never-seen-before software and mechanisms utilized. Digital forensic processes, while not suffering from such an issue, lack the ability to provide in-depth support to a cyber-attack investigation, mainly due to insufficiently detailed instructions for the examination and analysis phases. This paper proposes a digital forensics framework for reviewing and investigating cyber-attacks, called D4I, which focuses on enhancing the examination and analysis phases. First, the framework proposes a categorization of digital artifacts and their mapping to the Cyber-Kill-Chain steps of attacks. Second, it provides detailed instructive steps for the examination and analysis phases. The applicability of D4I is demonstrated with an application example that concerns a typical case of a spear phishing attack.


Bibliographic Details
Main Authors: Dimitriadis, Athanasios, Ivezic, Nenad, Kulvatunyou, Boonserm, Mavridis, Ioannis
Format: Online Article Text
Language: English
Published: 2020
Subjects:
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9074801/
https://www.ncbi.nlm.nih.gov/pubmed/35531088
http://dx.doi.org/10.1016/j.array.2019.100015
_version_ 1784701544447344640
author Dimitriadis, Athanasios
Ivezic, Nenad
Kulvatunyou, Boonserm
Mavridis, Ioannis
author_facet Dimitriadis, Athanasios
Ivezic, Nenad
Kulvatunyou, Boonserm
Mavridis, Ioannis
author_sort Dimitriadis, Athanasios
collection PubMed
description Many companies have cited lack of cyber-security as the main barrier to Industrie 4.0 or digitalization. Security functions include protection, detection, response and investigation. Cyber-attack investigation is important as it can support the mitigation of damage and the maturing of future prevention approaches. Nowadays, the investigation of cyber-attacks has evolved more than ever, leveraging combinations of intelligent tools and digital forensics processes. Intelligent tools (e.g., YARA rules and Indicators of Compromise) are effective only when there is prior knowledge about the software and mechanisms used in the cyber-attack, i.e., they are not attack-agnostic. Therefore, the effectiveness of these intelligent tools is inversely proportional to the number of never-seen-before software and mechanisms utilized. Digital forensic processes, while not suffering from such an issue, lack the ability to provide in-depth support to a cyber-attack investigation, mainly due to insufficiently detailed instructions for the examination and analysis phases. This paper proposes a digital forensics framework for reviewing and investigating cyber-attacks, called D4I, which focuses on enhancing the examination and analysis phases. First, the framework proposes a categorization of digital artifacts and their mapping to the Cyber-Kill-Chain steps of attacks. Second, it provides detailed instructive steps for the examination and analysis phases. The applicability of D4I is demonstrated with an application example that concerns a typical case of a spear phishing attack.
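As an added illustration of the contrast the abstract draws (example code written for this record, not code from the paper or the D4I framework): the script below runs an Indicator-of-Compromise lookup and a kill-chain mapping over a small set of constructed spear-phishing artifacts. The phase names are the Lockheed Martin Cyber Kill Chain phases; the artifact categories, the category-to-phase table, the sample artifacts and the IoC feed are all assumptions made for this example and do not reproduce D4I's own categorization.

```python
"""Artifact-to-kill-chain mapping next to an IoC match.

IoC matching only fires on observables the feed already knows, so it
degrades as the attacker's tooling gets newer. Categorising each artifact
by what it records (mail, attachment, process tree, persistence, network)
and mapping the category to a kill-chain phase does not depend on knowing
the tooling, and also shows which phases still have no evidence.

ASSUMPTIONS: the categories, the CATEGORY_TO_PHASE table, the ARTIFACTS
and the KNOWN_IOCS feed are constructed for this example; they are not
taken from the D4I paper.
"""
from collections import OrderedDict
from datetime import datetime

# Lockheed Martin Cyber Kill Chain phases, in attack order.
KILL_CHAIN = [
    "Reconnaissance", "Weaponization", "Delivery", "Exploitation",
    "Installation", "Command and Control", "Actions on Objectives",
]

# Assumed artifact-category -> phase mapping (not the paper's table).
CATEGORY_TO_PHASE = {
    "email": "Delivery",
    "attachment": "Delivery",
    "document_exec": "Exploitation",   # office process spawning a child
    "persistence": "Installation",
    "beacon": "Command and Control",
    "exfil": "Actions on Objectives",
}

# Constructed artifacts from a hypothetical spear-phishing case; each carries
# the observables an examiner would extract from that source.
ARTIFACTS = [
    {"ts": "2020-01-13T08:02:11", "category": "email", "source": "mail server log",
     "observables": {"sender_domain": "invoice-portal.example"}},
    {"ts": "2020-01-13T08:02:11", "category": "attachment", "source": "mailbox",
     "observables": {"sha256": "a1" * 32, "filename": "Invoice_2020-01.docm"}},
    {"ts": "2020-01-13T08:05:40", "category": "document_exec", "source": "EDR process tree",
     "observables": {"parent": "WINWORD.EXE", "child": "powershell.exe"}},
    {"ts": "2020-01-13T08:05:43", "category": "persistence", "source": "registry hive",
     "observables": {"run_key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"}},
    {"ts": "2020-01-13T08:06:10", "category": "beacon", "source": "proxy log",
     "observables": {"domain": "cdn-sync.example", "sha256": "b2" * 32}},
]

# Constructed threat-intel feed: it knows the phishing sender domain but not
# the never-seen-before attachment hash or the C2 domain.
KNOWN_IOCS = {
    "sender_domain": {"invoice-portal.example"},
    "sha256": {"c3" * 32},
    "domain": {"evil-old.example"},
}


def ioc_matches(artifacts, iocs):
    """Return the artifacts carrying at least one observable present in the feed."""
    hits = []
    for art in artifacts:
        for kind, value in art["observables"].items():
            if value in iocs.get(kind, set()):
                hits.append(art)
                break
    return hits


def map_to_kill_chain(artifacts):
    """Group artifacts by kill-chain phase (phases in attack order, artifacts in
    timestamp order). Categories with no mapping land in 'Unmapped' so that
    nothing is silently dropped from the examiner's view."""
    timeline = OrderedDict((phase, []) for phase in KILL_CHAIN)
    timeline["Unmapped"] = []
    for art in sorted(artifacts, key=lambda a: datetime.fromisoformat(a["ts"])):
        phase = CATEGORY_TO_PHASE.get(art["category"], "Unmapped")
        timeline[phase].append(art)
    return timeline


def investigate(artifacts, iocs):
    """Run both views and report which phases still lack evidence; those are
    where the examination step should look next."""
    timeline = map_to_kill_chain(artifacts)
    return {
        "ioc_hits": len(ioc_matches(artifacts, iocs)),
        "artifacts": len(artifacts),
        "covered_phases": [p for p in KILL_CHAIN if timeline[p]],
        "missing_phases": [p for p in KILL_CHAIN if not timeline[p]],
    }


if __name__ == "__main__":
    report = investigate(ARTIFACTS, KNOWN_IOCS)
    print(f"IoC hits: {report['ioc_hits']}/{report['artifacts']} artifacts")
    print("phases with evidence:", ", ".join(report["covered_phases"]))
    print("phases to examine next:", ", ".join(report["missing_phases"]))
```

With the feed knowing only the sender domain, the IoC pass flags 1 of the 5 artifacts, while the category mapping places all 5 on the chain and reports Reconnaissance, Weaponization and Actions on Objectives as the phases with no evidence yet, which is where an examination step would look next (staging archives, outbound transfers, and so on).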
format Online
Article
Text
id pubmed-9074801
institution National Center for Biotechnology Information
language English
publishDate 2020
record_format MEDLINE/PubMed
spelling pubmed-9074801 2022-05-06 D4I - Digital forensics framework for reviewing and investigating cyber attacks Dimitriadis, Athanasios Ivezic, Nenad Kulvatunyou, Boonserm Mavridis, Ioannis Array (N Y) Article
2020 /pmc/articles/PMC9074801/ /pubmed/35531088 http://dx.doi.org/10.1016/j.array.2019.100015 Text en https://creativecommons.org/licenses/by-nc-nd/4.0/ This is an open access article under the CC BY-NC-ND license (https://creativecommons.org/licenses/by-nc-nd/4.0/).
spellingShingle Article
Dimitriadis, Athanasios
Ivezic, Nenad
Kulvatunyou, Boonserm
Mavridis, Ioannis
D4I - Digital forensics framework for reviewing and investigating cyber attacks
title D4I - Digital forensics framework for reviewing and investigating cyber attacks
title_full D4I - Digital forensics framework for reviewing and investigating cyber attacks
title_fullStr D4I - Digital forensics framework for reviewing and investigating cyber attacks
title_full_unstemmed D4I - Digital forensics framework for reviewing and investigating cyber attacks
title_short D4I - Digital forensics framework for reviewing and investigating cyber attacks
title_sort d4i - digital forensics framework for reviewing and investigating cyber attacks
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9074801/
https://www.ncbi.nlm.nih.gov/pubmed/35531088
http://dx.doi.org/10.1016/j.array.2019.100015
work_keys_str_mv AT dimitriadisathanasios d4idigitalforensicsframeworkforreviewingandinvestigatingcyberattacks
AT ivezicnenad d4idigitalforensicsframeworkforreviewingandinvestigatingcyberattacks
AT kulvatunyouboonserm d4idigitalforensicsframeworkforreviewingandinvestigatingcyberattacks
AT mavridisioannis d4idigitalforensicsframeworkforreviewingandinvestigatingcyberattacks