2018
DOI: 10.1007/978-3-030-05487-8_5

Digital Forensic Readiness Framework for Ransomware Investigation

Abstract: Over the years there has been a significant increase in the exploitation of the security vulnerabilities of Windows operating systems, the most severe threat being malicious software (malware). Ransomware, a variant of malware which encrypts files and retains the decryption key for ransom, has recently proven to become a global digital epidemic. The current method of mitigation and propagation of malware and its variants, such as anti-viruses, have proven ineffective against most Ransomware attacks. Theoretica…

Cited by 31 publications (19 citation statements)
References 24 publications

“…To address the lack of an automated mechanism for preserving evidence and maintaining integrity, a model was developed targeting the various security and forensic aspects during the investigation lifecycle. This model is an improvement of the authors' previous work [29]. The SecureRS model ties in with some of the readiness processes addressed in ISO/IEC 27043 [14].…”
Section: SecureRS Process Model (mentioning)
confidence: 98%
“…Therefore, in the data preservation stage, we proposed the method for converting raw data to the logical image file more efficient for data recovery [118] and preserving them. The backup files cannot be tampered because hash signatures are attached to the file [119], thereby ensuring the integrity and identity of PDE.…”
Section: PDE Collection and Preservation Implementation (mentioning)
confidence: 99%
“…Two supportive, yet distinctive subdomains; proactive forensics and behavioral biometrics are further considered in this study, as is shown in Figure 1. Studies on the proactive forensics approach have mainly explored forensic readiness within the context of the ISO/IEC 27043:2015 standard [3]-[9]. Proactive approaches towards enhancing digital forensics suggest that measures can be implemented within the system under consideration in such a way that relevant and potentially useful pieces of evidence can be collected in a forensically sound manner prior to the occurrence of a digital incident.…”
Section: Introduction (mentioning)
confidence: 99%