Data Analytics for Digital Forensics and Cybersecurity

Authors: Scanlon, Mark

Publication Date: October 2017

Publication Name: Predict Conference; Europe's Leading Data Conference (Predict 2017)

Abstract:

Information overload is one of the biggest problems facing professionals working in the fields of Digital Forensics and Cybersecurity. The sheer volume of cases requiring digital forensic analysis in law enforcement agencies throughout the world is outstripping the capacities of digital forensic laboratories. This has resulted in huge digital evidence backlogs becoming commonplace and cases being ruled upon in court without the inclusion of potentially pertinent information, which is sitting idle in some evidence store. As is commonly relayed in the media, the frequency of cyberattacks being faced by governments, law enforcement agencies, and industry is increasing, alongside the sophistication of the techniques used. Current rules-based network intrusion detection systems are predominantly based on historic, known threat vectors and result in a very high amount of false positive alerts being generated. Intelligent, real-time, automated data processing and event categorisation is one solution that shows great promise to combat this information overload.

Download:

Download Paper as PDF

BibTeX Entry:

@inproceedings{scanlon2017dataanalytics,
author={Scanlon, Mark},
title="{Data Analytics for Digital Forensics and Cybersecurity}",
booktitle="{Predict Conference; Europe's Leading Data Conference (Predict 2017)}",
year="2017",
month="10",
month={October},
address={Dublin, Ireland},
publisher={Predict Conference},
abstract="Information overload is one of the biggest problems facing professionals working in the fields of Digital Forensics and Cybersecurity. The sheer volume of cases requiring digital forensic analysis in law enforcement agencies throughout the world is outstripping the capacities of digital forensic laboratories. This has resulted in huge digital evidence backlogs becoming commonplace and cases being ruled upon in court without the inclusion of potentially pertinent information, which is sitting idle in some evidence store. As is commonly relayed in the media, the frequency of cyberattacks being faced by governments, law enforcement agencies, and industry is increasing, alongside the sophistication of the techniques used. Current rules-based network intrusion detection systems are predominantly based on historic, known threat vectors and result in a very high amount of false positive alerts being generated. Intelligent, real-time, automated data processing and event categorisation is one solution that shows great promise to combat this information overload."
}