Paper title
Agile Forensic Management
Agile Approach for IT Forensics Management
Paper authors
Paper abstract
The forensic investigation of cyber attacks and IT incidents is becoming increasingly difficult due to growing complexity and intensifying networking. Especially with Advanced Attacks (ATs), such as the increasing number of Advanced Persistent Threats, an agile approach is indispensable. Several systems are involved in such an attack (multi-host attacks). Current forensic models and procedures show considerable deficits in the process of analyzing such attacks. To address this, this paper presents the novel flower model, which uses agile methods and forms a new forensic management approach. In this way, the growing challenges posed by ATs are met. In the forensic investigation of such attacks, big data problems have to be solved because of the amount of data that needs to be analyzed. The proposed model meets this requirement by precisely defining, at an early stage, the questions that need to be answered and by collecting only the court-admissible evidence needed to answer those questions. Additionally, the novel flower model for ATs is presented, which corresponds to the different phases of an investigation process.