Open Access Article

Improving Forensic Triage Efficiency through Cyber Threat Intelligence

1 Department of Electrical & Computer Engineering, Aristotle University of Thessaloniki, 54124 Thessaloniki, Greece
2 Department of Computing and Informatics, Bournemouth University, Poole BH12 5BB, UK
3 Department of Information and Electronic Engineering, International Hellenic University, 57400 Thessaloniki, Greece
4 School of Science & Technology, International Hellenic University, 57001 Thermi, Greece
* Author to whom correspondence should be addressed.
Future Internet 2019, 11(7), 162; https://doi.org/10.3390/fi11070162
Received: 5 June 2019 / Revised: 4 July 2019 / Accepted: 15 July 2019 / Published: 23 July 2019
(This article belongs to the Special Issue Security and Privacy in Information and Communication Systems)
The growing complexity of information technology and the proliferation of heterogeneous security devices that produce ever larger volumes of data, coupled with a constantly changing threat landscape, have an adverse impact on the efficiency of information security controls, digital forensics and incident response. Cyber Threat Intelligence (CTI) and forensic preparedness are the two parts of the so-called managed security services that defenders can employ to repel, mitigate or investigate security incidents. Despite their individual success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. In these experiments the model identifies the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while significantly decreasing the volume of data that digital forensic investigators need to examine. The contribution of this paper is twofold. First, it shows that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.
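To make concrete what CTI-driven triage does to the data an investigator sees, here is an added example that is not the paper's model or code. It assumes a constructed list of flow records and a constructed indicator feed (hypothetical addresses from the documentation ranges and a made-up domain), matches each flow against the feed the way a triage step would, and then computes the volume reduction together with accuracy, precision and recall against labelled ground truth:

```python
"""CTI-driven triage of network flow records, with evaluation metrics.

Added illustration, not the paper's model or code. It assumes a
constructed list of flow records and a constructed indicator set
(hypothetical IPs, CIDRs and domains from documentation ranges), and
shows how matching flows against actionable CTI reduces the volume an
investigator must examine, and how accuracy, precision and recall are
then computed against labelled ground truth.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    sni: str           # TLS SNI or HTTP Host header; "" if not observed
    malicious: bool    # ground-truth label, used only for evaluation


@dataclass(frozen=True)
class Indicators:
    ips: frozenset[str]
    cidrs: tuple[IPv4Network, ...]
    domains: frozenset[str]


def matches(flow: Flow, ioc: Indicators) -> bool:
    """True if the flow touches any indicator (IP, CIDR, domain or subdomain)."""
    if flow.dst in ioc.ips:
        return True
    dst = ip_address(flow.dst)
    if any(dst in net for net in ioc.cidrs):
        return True
    host = flow.sni.lower().rstrip(".")
    # Compare on a label boundary: "cdn.bad-updates.example" matches,
    # "notbad-updates.example" does not.
    return any(host == d or host.endswith("." + d) for d in ioc.domains)


def triage(flows: list[Flow], ioc: Indicators) -> list[Flow]:
    """The subset of flows an investigator looks at first."""
    return [f for f in flows if matches(f, ioc)]


def evaluate(flows: list[Flow], ioc: Indicators) -> dict[str, float]:
    """Confusion-matrix metrics of the triage against ground truth."""
    tp = fp = tn = fn = 0
    for f in flows:
        hit = matches(f, ioc)
        if hit and f.malicious:
            tp += 1
        elif hit:
            fp += 1
        elif f.malicious:
            fn += 1
        else:
            tn += 1
    total = len(flows)
    flagged = tp + fp
    return {
        "flagged": flagged,
        "reduction": 1 - flagged / total,
        "accuracy": (tp + tn) / total,
        "precision": tp / flagged if flagged else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
    }


# Constructed indicator feed (documentation address space, hypothetical domain).
IOC = Indicators(
    ips=frozenset({"198.51.100.23"}),
    cidrs=(ip_network("203.0.113.0/24"),),
    domains=frozenset({"bad-updates.example"}),
)

# Constructed flow records; the `malicious` column is the evaluation oracle.
FLOWS = [
    Flow("10.0.0.5", "198.51.100.23", 443, "", True),                      # C2 IP in feed
    Flow("10.0.0.5", "203.0.113.77", 80, "", True),                        # inside listed CIDR
    Flow("10.0.0.8", "192.0.2.10", 443, "cdn.bad-updates.example", True),  # subdomain of IOC
    Flow("10.0.0.9", "203.0.113.5", 443, "", False),                       # benign host in listed CIDR
    Flow("10.0.0.5", "192.0.2.44", 443, "", True),                         # C2 not yet in feed
    Flow("10.0.0.6", "192.0.2.1", 443, "www.example.org", False),
    Flow("10.0.0.7", "192.0.2.2", 53, "", False),
    Flow("10.0.0.8", "192.0.2.3", 443, "mail.example.org", False),
    Flow("10.0.0.9", "192.0.2.4", 443, "notbad-updates.example", False),   # near-miss
    Flow("10.0.0.10", "192.0.2.5", 443, "example.com", False),
]


if __name__ == "__main__":
    for flow in triage(FLOWS, IOC):
        print("examine:", flow.src, "->", flow.dst, flow.sni)
    print(evaluate(FLOWS, IOC))
```

On the constructed data the triage hands the investigator 4 of 10 flows (a 60% reduction), with one false positive (a benign host sharing a listed address range) and one false negative (a C2 address the feed does not yet carry). Those two cases are why reduction alone is not enough and precision and recall have to be reported alongside it; the domain check is deliberately done on a label boundary so that a lookalike such as `notbad-updates.example` is not swept in.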
Keywords: digital forensics; digital forensic readiness; threat intelligence; threat hunting; forensic triage
MDPI and ACS Style

Serketzis, N.; Katos, V.; Ilioudis, C.; Baltatzis, D.; Pangalos, G. Improving Forensic Triage Efficiency through Cyber Threat Intelligence. Future Internet 2019, 11, 162.
