Visual Decision-Support for Live Digital Forensic Investigations

Fabian Böhm, Ludwig Englbrecht, Sabrina Friedl, Guenther Pernul

View presentation: 2021-10-27T17:20:00Z (GMT-0600)
Fabian Böhm received his master's degree in Management Information Systems within the Honors Elite Program at the University of Regensburg, Germany, and the Polytechnic University of Catalonia in Barcelona, Spain, in 2016. Since 2017, he has been a Ph.D. candidate and research assistant at the Chair of Information Systems at the University of Regensburg. His research interests revolve around the application of Visual Analytics to cybersecurity. His core research results show the possibilities offered by Visual Analytics in crucial security domains such as Cyber Threat Intelligence, Identity and Access Management, Security Analytics, and Digital Forensics.
University of Regensburg


Performing a live digital forensic investigation on a running system is challenging due to the time pressure under which decisions have to be made. Newly proliferating and frequently applied types of malware (e.g., fileless malware) increase the need to conduct digital forensic investigations in real time. In the course of these investigations, forensic experts are confronted with a wide range of different forensic tools. The decision as to which of these are suitable for the current situation is often based on the forensic experts' experience. Currently, there is no reliable automated solution to support this decision-making. Therefore, we derive requirements for visually supporting the decision-making process in live forensic investigations and introduce a research prototype that provides visual guidance for cyber forensic experts during a live digital forensic investigation. Our prototype collects relevant core information for a live digital forensic investigation and provides visual representations of connections between occurring events, developments over time, and detailed information on specific events. To show the applicability of our approach, we analyze an exemplary use case using the prototype and demonstrate the support our approach provides.