Research area: Safety
Conference: 2024 11th International Conference on Wireless Networks and Mobile Communications (WINCOM)
Digital transformation exposes companies to numerous security threats, including security incidents. Therefore, safeguarding sensitive data, preventing intrusions, and detecting security incidents are significant challenges for organizations. This is why our research is centered around employing advanced techniques to analyze and comprehend security incidents. The primary aim of our research is to identify the attack methods utilized by malicious individuals and evaluate the potential ramifications on the system, with a specific focus on detecting and identifying malware responsible for system compromise. To accomplish this objective, we will develop a forensic arsenal tool designed to gather Windows artifacts without requiring a full disk image or relying on conventional forensic techniques. We then ensure seamless integration of the tool's output into a Security Information and Event Management (SIEM) system to enhance visibility and conduct in-depth analysis of the collected data. Subsequently, we will provide scripts that analyze the output and tackle the challenges posed by the time-consuming nature of the SIEM approach and its requirement for an incident response expert.
| Publication year | 2024 |
|---|---|
| Citations | 124 |
| Country of publication | |
| Site | IEEE |
| Likes | 0 |