
2019 | Original Paper | Book Chapter

Digital Forensic Readiness Framework for Ransomware Investigation

Authors: Avinash Singh, Adeyemi R. Ikuesan, Hein S. Venter

Published in: Digital Forensics and Cyber Crime

Publisher: Springer International Publishing


Abstract

Over the years there has been a significant increase in the exploitation of security vulnerabilities in Windows operating systems, the most severe threat being malicious software (malware). Ransomware, a variant of malware that encrypts files and withholds the decryption key for ransom, has recently grown into a global digital epidemic. Current methods of mitigating malware and its variants, such as anti-virus software, have proven ineffective against most ransomware attacks. In principle, however, ransomware leaves footprints of the attack process in the Windows Registry and in the volatile memory of the infected machine. Digital Forensic Readiness (DFR) processes provide mechanisms for the pro-active collection of such digital footprints. This study proposes the integration of DFR mechanisms as a process for mitigating ransomware attacks. A detailed process model of the proposed DFR mechanism was evaluated for compliance with the ISO/IEC 27043 standard. The evaluation showed that the proposed mechanism has the potential to capture system information before and during a ransomware attack, information that can then be used to attempt decryption of the affected files. Implementing the proposed mechanism could be a major breakthrough in mitigating this global digital epidemic, which has plagued organisations of every kind. Furthermore, the DFR mechanism implies that useful decryption processes can be performed, removing the need to pay the ransom.
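The abstract's claim is that key material needed for decryption may survive in volatile memory captured before or during an attack. As an added illustration, not code from the chapter, the following Python locates AES-128 key schedules in a raw memory image by the key-schedule scan: every 16-byte window is treated as a candidate key, expanded with the AES key schedule, and accepted only if the 160 bytes that follow equal that expansion. The "memory image" is constructed (pseudo-random filler with one planted schedule), the key is the FIPS-197 Appendix A test key standing in for a ransomware session key, and the assumption that the malware's AES implementation keeps its expanded round keys contiguously in memory is mine, not the chapter's.

```python
"""Key-schedule scan for AES-128 round keys in a raw memory image.

Added example (not from the chapter). Assumes a software AES implementation
left its 44 expanded 32-bit words contiguous in RAM, as common AES_KEY-style
structures do. The dump below is constructed, not a real acquisition.
"""
import random


def _build_sbox():
    """Generate the AES S-box from GF(2^8) arithmetic instead of a 256-entry table."""
    def rotl(x, s):
        return ((x << s) | (x >> (8 - s))) & 0xFF

    sbox = [0] * 256
    p = q = 1
    while True:
        # p *= 3 under the AES polynomial 0x11B; q /= 3 keeps p*q == 1
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF
        q ^= (q << 1) & 0xFF
        q ^= (q << 2) & 0xFF
        q ^= (q << 4) & 0xFF
        if q & 0x80:
            q ^= 0x09
        # affine transform of the multiplicative inverse q = p^-1
        sbox[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse and is defined separately
    return sbox


SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
SCHEDULE_LEN = 176  # 11 round keys of 16 bytes


def _g(word, rcon):
    """Key-schedule core: RotWord, SubWord, XOR with the round constant."""
    w = word[1:] + word[:1]
    return bytes((SBOX[w[0]] ^ rcon, SBOX[w[1]], SBOX[w[2]], SBOX[w[3]]))


def expand_key(key):
    """AES-128 key expansion (FIPS-197, section 5.2): 16 bytes -> 176 bytes."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [bytes(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = _g(t, RCON[i // 4 - 1])
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
    return b"".join(w)


def find_aes128_keys(dump):
    """Return [(offset, key)] for every AES-128 key schedule found in dump.

    A window is accepted only when all 160 bytes after it equal the expansion
    of the 16 bytes in front, so accidental matches are vanishingly unlikely.
    """
    hits = []
    view = memoryview(dump)
    for off in range(len(dump) - SCHEDULE_LEN + 1):
        cand = bytes(view[off:off + 16])
        # cheap filter: first word of round key 1 must equal w0 ^ g(w3)
        first = bytes(a ^ b for a, b in zip(cand[0:4], _g(cand[12:16], RCON[0])))
        if first != bytes(view[off + 16:off + 20]):
            continue
        if expand_key(cand) == bytes(view[off:off + SCHEDULE_LEN]):
            hits.append((off, cand))
    return hits


def build_sample_dump(key, offset=0x3A20, size=64 * 1024, seed=7):
    """Constructed 'memory image': pseudo-random filler with one schedule planted."""
    rng = random.Random(seed)
    buf = bytearray(rng.getrandbits(8) for _ in range(size))
    buf[offset:offset + SCHEDULE_LEN] = expand_key(key)
    return bytes(buf)


# FIPS-197 Appendix A.1 key, standing in for a ransomware session key
DEMO_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

if __name__ == "__main__":
    for off, key in find_aes128_keys(build_sample_dump(DEMO_KEY)):
        print(f"AES-128 key schedule at 0x{off:06x}: key={key.hex()}")
```

The same idea underlies the key-finding tools used in memory forensics; it finds only schedules that are actually resident, which is why the timing the abstract stresses matters. Ransomware that encrypts each file key under the attacker's public key keeps the symmetric key in RAM only while encryption is running, so an acquisition taken afterwards will usually contain nothing usable, while one captured by a pre-deployed DFR mechanism during the attack can.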


Metadata
Title
Digital Forensic Readiness Framework for Ransomware Investigation
Authors
Avinash Singh
Adeyemi R. Ikuesan
Hein S. Venter
Copyright year
2019
DOI
https://doi.org/10.1007/978-3-030-05487-8_5