Abstract
The exponential growth of networking capabilities, including the Internet of Things (IoT), has led to an outburst of cyber-attacks. Many well-documented cyber-attacks have targeted critical energy infrastructures as well as all kinds of cloud-based IT platforms. Early examination of critical systems’ vulnerabilities, as well as of previous cyber-security incidents, is of utmost importance to prevent new ones. A thorough investigation of the context of a cyber-security breach can reveal facts about the source of the attack, the profile of the attacker, and the resources and skills required, and can further reveal mitigations for preventing the attack from re-appearing in the future. To safeguard critical energy infrastructures, many forensic approaches have been developed to collect, analyze, and digitalize evidence, assisting in the in-depth investigation of an incident. However, up to now, the many open-source vulnerability data sources that have been developed to provide valuable information about a cyber-attack have yet to be employed to assist in forensic investigation. This paper introduces the Automated Forensic Tool, a platform that employs machine learning algorithms to combine different vulnerability data sources, facilitating the forensic procedure while minimizing the time and effort needed. A use case is also demonstrated that shows how the tool can be used to assist the forensic investigation of cyber-security incidents on an energy infrastructure; the tool can also be applied to other critical energy and IT infrastructures with minor adaptations.