Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents

Investor logo

Warning

This publication doesn't include Faculty of Economics and Administration. It includes Institute of Computer Science. Official publication website can be found on muni.cz.
Authors

BERAN Michal HRDINA František KOUŘIL Daniel OŠLEJŠEK Radek ZÁKOPČANOVÁ Kristína

Year of publication 2020
Type Article in Proceedings
Conference 2020 IEEE Symposium on Visualization for Cyber Security (VizSec)
MU Faculty or unit

Institute of Computer Science

Citation
Web
Doi http://dx.doi.org/10.1109/VizSec51108.2020.00008
Keywords incident investigation; digital evidence; file system metadata; data analysis
Attached files
Description Investigating cybersecurity incidents requires in-depth knowledge from the analyst. Moreover, the whole process is demanding due to the vast data volumes that need to be analyzed. While various techniques exist nowadays to help with particular tasks of the analysis, the process as a whole still requires a lot of manual activities and expert skills. We propose an approach that allows the analysis of disk snapshots more efficiently and with lower demands on expert knowledge. Following a user-centered design methodology, we implemented an analytical tool to guide analysts during security incident investigations. The viability of the solution was validated by an evaluation conducted with members of different security teams.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.