Forensics for multi-stage cyber incidents: Survey and future directions. (March 2023)
- Record Type:
- Journal Article
- Title:
- Forensics for multi-stage cyber incidents: Survey and future directions. (March 2023)
- Main Title:
- Forensics for multi-stage cyber incidents: Survey and future directions
- Authors:
- Nisioti, Antonia
Loukas, George
Mylonas, Alexios
Panaousis, Emmanouil
- Abstract:
- The increase in the complexity and sophistication of multi-stage cyber attacks, such as advanced persistent threats, paired with the large volume of data produced by modern systems and networks, has made forensic investigations more demanding in knowledge and resources. Thus, it is essential that cyber forensic investigators are supported to operate more efficiently, in terms of resources and evidence recovery, and cope with a wide range of cyber incidents. This paper presents a comprehensive survey of 49 works that aim to support cyber forensic investigations of modern multi-stage cyber incidents and highlights the need for decision support systems in the field. The works reviewed are compared using 11 criteria, such as their evaluation method, how they optimise the forensic process, or what stage of investigation they study. We also classify the surveyed papers using 8 categories that represent the overall aim of the proposed cyber investigation method or tool. We identify and discuss open issues arising from this extensive survey, such as the need for realistic evaluation, as well as realistic and representative modelling to increase applicability and performance. Finally, we provide directions for future research on improving the state of the art of cyber forensics.
Highlights: Comprehensive survey of methods that aim to support cyber forensic investigations of modern multi-stage cyber incidents. Comparison of works using 11 criteria, such as their evaluation method, optimisation method, or stage of investigation. Classification of works into 8 unique categories representing the aim of the proposed cyber investigation method or tool. Identification and discussion of open issues, and directions for future research on cyber forensics.
- Is Part Of:
- Forensic science international. Volume 44(2023)
- Journal:
- Forensic science international
- Issue:
- Volume 44(2023)
- Issue Display:
- Volume 44, Issue 2023 (2023)
- Year:
- 2023
- Volume:
- 44
- Issue:
- 2023
- Issue Sort Value:
- 2023-0044-2023-0000
- Page Start:
- Page End:
- Publication Date:
- 2023-03
- Subjects:
- Cyber forensics -- Digital forensics -- Multi-stage attacks -- Anti-forensics -- Advanced persistent threats -- Survey -- Review
- Journal URLs:
- http://www.sciencedirect.com/
- DOI:
- 10.1016/j.fsidi.2022.301480
- Languages:
- English
- ISSNs:
- 2666-2817
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 26969.xml