Investigation of cyber incidents in the corporate information system based on Autopsy and Volatility solutions
DOI: https://doi.org/10.31673/2409-7292.2022.022229
Abstract
This article describes basic cyber-incident investigation methods that any organization can apply using the Autopsy and Volatility tools. Possible sources of evidence are analyzed, together with the difficulty of extracting particular information from each of them. General recommendations for conducting investigations are given, and the tools themselves and the process of analyzing the collected data are described.
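One step in the analysis process the abstract refers to is checking the process list recovered by Volatility for parent/child relationships that should not occur on a healthy Windows host. The script below is an added example, not code from the article or from the Volatility project: it parses the tab-separated table that `vol -f memdump.mem windows.pslist` prints, and flags unexpected parents, duplicated singleton processes, and shells spawned by Office applications. The listing embedded in it is constructed (no real memory dump behind it), and the expected-parent table is a common triage heuristic, assumed here rather than taken from the article.

```python
"""Triage a Volatility 3 `windows.pslist` listing for parent/child anomalies.

Added example for this abstract, not the article's own code. SAMPLE_PSLIST is a
constructed listing in the tab-separated layout Volatility 3 prints; the
heuristic tables below are assumptions, not a complete rule set.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed sample (PIDs, offsets and times are invented).
SAMPLE_PSLIST = """\
PID\tPPID\tImageFileName\tOffset(V)\tThreads\tHandles\tSessionId\tWow64\tCreateTime\tExitTime\tFile output
4\t0\tSystem\t0xe0000a0b1040\t128\t-\tN/A\tFalse\t2021-04-30 10:00:01.000000+00:00\tN/A\tDisabled
372\t4\tsmss.exe\t0xe0000a8f1040\t2\t-\tN/A\tFalse\t2021-04-30 10:00:02.000000+00:00\tN/A\tDisabled
496\t484\tcsrss.exe\t0xe0000b0a2080\t10\t-\t0\tFalse\t2021-04-30 10:00:03.000000+00:00\tN/A\tDisabled
584\t484\twininit.exe\t0xe0000b0c3080\t1\t-\t0\tFalse\t2021-04-30 10:00:03.000000+00:00\tN/A\tDisabled
660\t584\tservices.exe\t0xe0000b1d4080\t6\t-\t0\tFalse\t2021-04-30 10:00:04.000000+00:00\tN/A\tDisabled
672\t584\tlsass.exe\t0xe0000b1e5080\t8\t-\t0\tFalse\t2021-04-30 10:00:04.000000+00:00\tN/A\tDisabled
820\t660\tsvchost.exe\t0xe0000b2f6080\t12\t-\t0\tFalse\t2021-04-30 10:00:05.000000+00:00\tN/A\tDisabled
904\t660\tsvchost.exe\t0xe0000b3a7080\t20\t-\t0\tFalse\t2021-04-30 10:00:05.000000+00:00\tN/A\tDisabled
1200\t1180\texplorer.exe\t0xe0000c4b8080\t40\t-\t1\tFalse\t2021-04-30 10:01:10.000000+00:00\tN/A\tDisabled
2300\t1200\tWINWORD.EXE\t0xe0000c5c9080\t18\t-\t1\tFalse\t2021-04-30 10:15:42.000000+00:00\tN/A\tDisabled
2412\t2300\tcmd.exe\t0xe0000c6da080\t1\t-\t1\tFalse\t2021-04-30 10:15:50.000000+00:00\tN/A\tDisabled
2500\t2412\tpowershell.exe\t0xe0000c7eb080\t9\t-\t1\tFalse\t2021-04-30 10:15:51.000000+00:00\tN/A\tDisabled
3010\t2500\tsvchost.exe\t0xe0000c8fc080\t3\t-\t1\tFalse\t2021-04-30 10:16:05.000000+00:00\tN/A\tDisabled
3100\t1200\tlsass.exe\t0xe0000c9ad080\t2\t-\t1\tFalse\t2021-04-30 10:16:20.000000+00:00\tN/A\tDisabled
"""

# Heuristic expectations (assumed for this example): lower-case image name -> allowed parents.
EXPECTED_PARENT = {
    "smss.exe": {"system", "smss.exe"},
    "csrss.exe": {"smss.exe"},
    "wininit.exe": {"smss.exe"},
    "winlogon.exe": {"smss.exe"},
    "services.exe": {"wininit.exe"},
    "lsass.exe": {"wininit.exe"},
    "svchost.exe": {"services.exe"},
    "explorer.exe": {"userinit.exe"},
}
SINGLETONS = {"wininit.exe", "services.exe", "lsass.exe"}   # should appear once per boot
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    create_time: str


def parse_pslist(text: str) -> dict[int, Proc]:
    """Parse the header-led, tab-separated pslist table into {pid: Proc}."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    col = {name: i for i, name in enumerate(lines[0].split("\t"))}
    procs: dict[int, Proc] = {}
    for ln in lines[1:]:
        f = ln.split("\t")
        p = Proc(int(f[col["PID"]]), int(f[col["PPID"]]),
                 f[col["ImageFileName"]], f[col["CreateTime"]].strip())
        procs[p.pid] = p
    return procs


def ancestry(procs: dict[int, Proc], pid: int) -> list[str]:
    """Image names from the given process up to the first parent that has exited."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid].name)
        pid = procs[pid].ppid
    return chain


def find_anomalies(procs: dict[int, Proc]) -> list[tuple]:
    """Return (pid, image name, reason) findings; pid is None for host-wide findings."""
    findings = []
    counts = Counter(p.name.lower() for p in procs.values())
    for name in sorted(SINGLETONS):
        if counts[name] > 1:
            findings.append((None, name, f"{counts[name]} instances of a process that should run once"))
    for p in sorted(procs.values(), key=lambda x: x.pid):
        parent = procs.get(p.ppid)
        if parent is None:
            continue  # parent already exited (normal for csrss/wininit/explorer): nothing to compare
        name, pname = p.name.lower(), parent.name.lower()
        if name in EXPECTED_PARENT and pname not in EXPECTED_PARENT[name]:
            findings.append((p.pid, p.name, f"unexpected parent {parent.name} (PID {parent.pid})"))
        if pname in OFFICE_APPS and name in SHELLS:
            findings.append((p.pid, p.name, f"shell spawned by Office application {parent.name} (PID {parent.pid})"))
    return findings


if __name__ == "__main__":
    table = parse_pslist(SAMPLE_PSLIST)
    for pid, name, reason in find_anomalies(table):
        chain = " <- ".join(ancestry(table, pid)) if pid is not None else "(host-wide)"
        print(f"PID {pid}: {name}: {reason} [{chain}]")
```

To run it against a real dump, save the plugin output with `vol -f memdump.mem windows.pslist > pslist.tsv` and pass the file contents to `parse_pslist`. A finding is a lead, not a verdict: a missing parent in `pslist` only means that process has exited, and unusual parents should be confirmed with `windows.pstree`, `windows.cmdline` and the process's on-disk image before anything is reported.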
Keywords: cyber incident, threat, analysis, security, forensics, search for evidence, attacker, investigation.