Inproceedings
Data Analytics for Digital Forensics and Cybersecurity
Contribution Summary
The fields of digital forensics and cybersecurity face significant challenges, including information overload and increasing volumes of data. Digital forensic laboratories are struggling to keep up with the sheer number of cases, resulting in backlogs and potentially pertinent information being left unanalyzed. Data analytics offers a solution, enabling intelligent, real-time, automated data processing and event categorization. This can help address challenges such as the consistency and correlation problem, the unified timelining problem, and the diversity problem in digital forensics. Additionally, data analytics can improve cybersecurity by enabling behavioral anomaly detection, network behavioral analysis, and user behavioral analysis, ultimately helping to combat the increasing sophistication of cyberattacks.
Keywords: Digital Forensics; Cybersecurity; Data Analytics; Information Overload; Intelligent Automated Evidence Processing; Network Behavioural Analysis; User Behavioural Analysis
Abstract
Information overload is one of the biggest problems facing professionals working in the fields of Digital Forensics and Cybersecurity. The sheer volume of cases requiring digital forensic analysis in law enforcement agencies throughout the world is outstripping the capacities of digital forensic laboratories. This has resulted in huge digital evidence backlogs becoming commonplace and cases being ruled upon in court without the inclusion of potentially pertinent information, which is sitting idle in some evidence store. As is commonly relayed in the media, the frequency of cyberattacks being faced by governments, law enforcement agencies, and industry is increasing, alongside the sophistication of the techniques used. Current rules-based network intrusion detection systems are predominantly based on historic, known threat vectors and result in a very high amount of false positive alerts being generated. Intelligent, real-time, automated data processing and event categorisation is one solution that shows great promise to combat this information overload.
BibTeX
@inproceedings{scanlon2017dataanalytics,
author={Scanlon, Mark},
title="{Data Analytics for Digital Forensics and Cybersecurity}",
booktitle="{Predict Conference; Europe's Leading Data Conference (Predict 2017)}",
year=2017,
month=10,
address={Dublin, Ireland},
publisher={Predict Conference},
abstract="Information overload is one of the biggest problems facing professionals working in the fields of Digital Forensics and Cybersecurity. The sheer volume of cases requiring digital forensic analysis in law enforcement agencies throughout the world is outstripping the capacities of digital forensic laboratories. This has resulted in huge digital evidence backlogs becoming commonplace and cases being ruled upon in court without the inclusion of potentially pertinent information, which is sitting idle in some evidence store. As is commonly relayed in the media, the frequency of cyberattacks being faced by governments, law enforcement agencies, and industry is increasing, alongside the sophistication of the techniques used. Current rules-based network intrusion detection systems are predominantly based on historic, known threat vectors and result in a very high amount of false positive alerts being generated. Intelligent, real-time, automated data processing and event categorisation is one solution that shows great promise to combat this information overload."
}