TY - JOUR
T1 - Forensics for multi-stage cyber incidents
T2 - Survey and future directions
AU - Nisioti, Antonia
AU - Loukas, George
AU - Mylonas, Alexios
AU - Panaousis, Emmanouil
N1 - © 2022 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
PY - 2023/3/1
Y1 - 2023/3/1
N2 - The increase in the complexity and sophistication of multi-stage cyber attacks, such as advanced persistent threats, paired with the large volume of data produced by modern systems and networks, have made forensic investigations more demanding in knowledge and resources. Thus, it is essential that cyber forensic investigators are supported to operate more efficiently, in terms of resources and evidence recovery, and cope with a wide range of cyber incidents. This paper presents a comprehensive survey of 49 works that aim to support cyber forensic investigations of modern multi-stage cyber incidents and highlights the need for decision support systems on the field. The works reviewed are compared using 11 criteria, such as their evaluation method, how they optimise the forensic process, or what stage of investigation they study. We also classify the surveyed papers using 8 categories that represent the overall aim of the proposed cyber investigation method or tool. We identify and discuss open issues, arising from this extensive survey, such as the need for realistic evaluation, as well as realistic and representative modelling to increase applicability and performance. Finally, we provide directions for future research on improving the state-of-the-art of cyber forensics.
AB - The increase in the complexity and sophistication of multi-stage cyber attacks, such as advanced persistent threats, paired with the large volume of data produced by modern systems and networks, have made forensic investigations more demanding in knowledge and resources. Thus, it is essential that cyber forensic investigators are supported to operate more efficiently, in terms of resources and evidence recovery, and cope with a wide range of cyber incidents. This paper presents a comprehensive survey of 49 works that aim to support cyber forensic investigations of modern multi-stage cyber incidents and highlights the need for decision support systems on the field. The works reviewed are compared using 11 criteria, such as their evaluation method, how they optimise the forensic process, or what stage of investigation they study. We also classify the surveyed papers using 8 categories that represent the overall aim of the proposed cyber investigation method or tool. We identify and discuss open issues, arising from this extensive survey, such as the need for realistic evaluation, as well as realistic and representative modelling to increase applicability and performance. Finally, we provide directions for future research on improving the state-of-the-art of cyber forensics.
KW - Advanced persistent threats
KW - Anti-forensics
KW - Cyber forensics
KW - Digital forensics
KW - Multi-stage attacks
KW - Review
KW - Survey
UR - http://www.scopus.com/inward/record.url?scp=85145262956&partnerID=8YFLogxK
U2 - 10.1016/j.fsidi.2022.301480
DO - 10.1016/j.fsidi.2022.301480
M3 - Review article
AN - SCOPUS:85145262956
SN - 2666-2825
VL - 44
JO - Forensic Science International: Digital Investigation
JF - Forensic Science International: Digital Investigation
M1 - 301480
ER -