Support Tool Selection in Digital Forensics Training

Support Tool Selection in Digital Forensics Training

연구 분야: Safety

학회: International Conference on Ubiquitous Security

One of the most common challenges for digital forensic investigations is the selection of suitable analysis tools in an ever-changing environment. In recent years, live digital forensic investigations are emerging throughout organizations due to Advanced Persistent Threats (APT). At the same time, the variety and availability of digital forensic tools expand rapidly. As there is no objective guideline to enable decision-support for tool selection, forensic analysts mostly rely on their experience. They apply tools they are familiar with, although, these tools might not be the most suitable ones for the analysis task at hand. We propose a concept that enables a well-considered tool selection for experts based on desired tool characteristics. The concept supports training the right tool selection to be forensically ready for future investigations and to structure cybersecurity knowledge within an organization. To evaluate our approach, we apply the concept to a use case and demonstrate its application and performance.