
Forensics for multi-stage cyber incidents: survey and future directions

Nisioti, Antonia, Loukas, George (ORCID: https://orcid.org/0000-0003-3559-5182), Mylonas, Alexios and Panaousis, Emmanouil (ORCID: https://orcid.org/0000-0001-7306-4062) (2022) Forensics for multi-stage cyber incidents: survey and future directions. Forensic Science International: Digital Investigation, 44:301480. ISSN 2666-2817 (Online) (doi:10.1016/j.fsidi.2022.301480)

PDF (Open Access Article)
37963_PANAOUSIS_Forensics_for_multi_stage_cyber_incidents_Survey_and_future_directions_(OA)_2022.pdf - Published Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.

PDF (AAM)
37963_PANAOUSIS_Forensics_for_multi_stage_cyber_incidents_Survey_and_future_directions.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.


Abstract

The increase in the complexity and sophistication of multi-stage cyber attacks, such as advanced persistent threats, paired with the large volume of data produced by modern systems and networks, have made forensic investigations more demanding in knowledge and resources. Thus, it is essential that cyber forensic investigators are supported to operate more efficiently, in terms of resources and evidence recovery, and cope with a wide range of cyber incidents. This paper presents a comprehensive survey of 49 works that aim to support cyber forensic investigations of modern multi-stage cyber incidents and highlights the need for decision support systems on the field. The works reviewed are compared using 11 criteria, such as their evaluation method, how they optimise the forensic process, or what stage of investigation they study. We also classify the surveyed papers using 8 categories that represent the overall aim of the proposed cyber investigation method or tool. We identify and discuss open issues, arising from this extensive survey, such as the need for realistic evaluation, as well as realistic and representative modelling to increase applicability and performance. Finally, we provide directions for future research on improving the state-of-the-art of cyber forensics.

Item Type: Article
Uncontrolled Keywords: cyber forensics; digital forensics; multi-stage attacks; anti-forensics; advanced persistent threats; survey; review
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > Internet of Things and Security Research Centre (ISEC)
Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Last Modified: 16 Jan 2023 14:05
URI: http://gala.gre.ac.uk/id/eprint/37963
