The Role of Computer Forensics in Network Security Incident Handling: A Systematic Review


Research field: Safety



Conference: 2024 IEEE Eleventh International Conference on Communications and Networking (ComNet)


Abstract

This systematic review investigates the use of computer forensics to aid the finding and recovery processes of network security incident response teams. A wide-ranging search found 40 recent studies from 2010–2023, which were analyzed qualitatively using thematic analysis. Important findings show how useful computer forensics is, especially in preserving digital evidence, generating attack timelines, revealing the vulnerabilities that were exploited, attributing bad actors, and incorporating the discoveries into an enhanced mitigation strategy. Nevertheless, the discussion also covers various challenges associated with incorporating forensic techniques during live response: anti-forensic tactics, technical complexity, resource constraints, and legal issues. The review synthesis supports the indispensable nature of computer forensics to incident response, yet more effort is needed to adapt it to fit the workflow and to integrate it better with other response processes.


Author Profile
Aminah M Alqahtani

College of Computer Science and Information Technology King Faisal University (KFU) Al-Ahsa Saudi Arabia

Albania
Author Profile
Jawhara Z. Boodai

College of Computer Science and Information Technology King Faisal University (KFU) Al-Ahsa Saudi Arabia

Albania

📄 Paper information

Publication year: 2024
Citations: 33
Country of publication: Albania
Site: IEEE