Inproceedings

Data Analytics for Digital Forensics and Cybersecurity

Mark Scanlon

October 2017, Predict Conference: Europe's Leading Data Conference (Predict 2017), Dublin, Ireland

Contribution Summary

The paper addresses the information overload problem facing practitioners in digital forensics and cybersecurity. Law enforcement digital forensic laboratories receive more cases than they can process, so evidence backlogs are commonplace and courts rule on cases while potentially pertinent evidence sits unexamined in an evidence store. At the same time, rules-based network intrusion detection systems, which rely on historic, known threat vectors, generate very high numbers of false positive alerts as attacks grow more frequent and more sophisticated. The paper argues that intelligent, real-time, automated data processing and event categorisation is a promising answer to both problems: automated processing and categorisation of digital evidence to reduce laboratory backlogs, and data-driven event categorisation to cut the false positives produced by signature-based detection.

Keywords: Data Analytics for Digital Forensics; Cybersecurity Information Overload; Real-time Event Categorization; Automated Data Processing; Network Intrusion Detection Systems; Digital Evidence Management; Law Enforcement Efficiency

Abstract

Information overload is one of the biggest problems facing professionals working in the fields of Digital Forensics and Cybersecurity. The sheer volume of cases requiring digital forensic analysis in law enforcement agencies throughout the world is outstripping the capacities of digital forensic laboratories. This has resulted in huge digital evidence backlogs becoming commonplace and cases being ruled upon in court without the inclusion of potentially pertinent information, which is sitting idle in some evidence store. As is commonly relayed in the media, the frequency of cyberattacks being faced by governments, law enforcement agencies, and industry is increasing, alongside the sophistication of the techniques used. Current rules-based network intrusion detection systems are predominantly based on historic, known threat vectors and result in a very high number of false positive alerts being generated. Intelligent, real-time, automated data processing and event categorisation is one solution that shows great promise to combat this information overload.

BibTeX

@inproceedings{scanlon2017dataanalytics,
	author    = {Scanlon, Mark},
	title     = {{Data Analytics for Digital Forensics and Cybersecurity}},
	booktitle = {{Predict Conference: Europe's Leading Data Conference (Predict 2017)}},
	year      = {2017},
	month     = oct,
	address   = {Dublin, Ireland},
	publisher = {Predict Conference},
	abstract  = {Information overload is one of the biggest problems facing professionals working in the fields of Digital Forensics and Cybersecurity. The sheer volume of cases requiring digital forensic analysis in law enforcement agencies throughout the world is outstripping the capacities of digital forensic laboratories. This has resulted in huge digital evidence backlogs becoming commonplace and cases being ruled upon in court without the inclusion of potentially pertinent information, which is sitting idle in some evidence store. As is commonly relayed in the media, the frequency of cyberattacks being faced by governments, law enforcement agencies, and industry is increasing, alongside the sophistication of the techniques used. Current rules-based network intrusion detection systems are predominantly based on historic, known threat vectors and result in a very high number of false positive alerts being generated. Intelligent, real-time, automated data processing and event categorisation is one solution that shows great promise to combat this information overload.}
}