Investigating cyber-attacks in a legally binding way becomes more and more difficult, especially through advanced attacks (AT) such as advanced persistent threats (APT) or multihost attacks. Current forensic models do not provide a basis for a process to analyze such attacks. This paper’s objective is to find a novel forensic management approach based on agile methods to meet the challenges of ATs. When it comes to the forensic investigation of such attacks, big data problems need to be addressed due to the amount of data that needs to be analyzed. The proposed model meets this requirement by precisely defining the questions that need to be answered in an early state and collecting only the evidence that is needed to answer these questions. Additionally, the novel flower model for AT is presented that meets the different phases of an investigation process.

Published in: Internet Technology and Secured Transactions (ICITST-2018)

• Date of Conference: 10-13 December 2018
• DOI: 10.2053/ICITST.WorldCIS.WCST.WCICSS.2018.0024
• ISBN: 978-1-908320-94-0
• Conference Location: University of Cambridge, Churchill College