D 2020

Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents

BERAN, Michal, František HRDINA, Daniel KOUŘIL, Radek OŠLEJŠEK, Kristína ZÁKOPČANOVÁ et al.

Basic information

Original name

Exploratory Analysis of File System Metadata for Rapid Investigation of Security Incidents

Authors

BERAN, Michal (203 Czech Republic, belonging to the institution), František HRDINA (203 Czech Republic, belonging to the institution), Daniel KOUŘIL (203 Czech Republic, belonging to the institution), Radek OŠLEJŠEK (203 Czech Republic, guarantor, belonging to the institution) and Kristína ZÁKOPČANOVÁ (203 Czech Republic, belonging to the institution)

Edition

Salt Lake City, US, 2020 IEEE Symposium on Visualization for Cyber Security (VizSec), p. 11-20, 10 pp. 2020

Publisher

IEEE

Other information

Language

English

Type of outcome

Proceedings paper

Field of Study

10201 Computer sciences, information science, bioinformatics

Country of publisher

United States of America

Confidentiality degree

is not subject to a state or trade secret

Publication form

electronic version available online

RIV identification code

RIV/00216224:14610/20:00116329

Organization unit

Institute of Computer Science

ISBN

978-1-7281-8262-9

UT WoS

000657259100002

Keywords in English

incident investigation; digital evidence; file system metadata; data analysis

Tags

International impact, Reviewed
Changed: 3/10/2022 16:22, doc. RNDr. Radek Ošlejšek, Ph.D.

Abstract

In the original

Investigating cybersecurity incidents requires in-depth knowledge from the analyst. Moreover, the whole process is demanding due to the vast data volumes that need to be analyzed. While various techniques exist nowadays to help with particular tasks of the analysis, the process as a whole still requires a lot of manual activities and expert skills. We propose an approach that allows the analysis of disk snapshots more efficiently and with lower demands on expert knowledge. Following a user-centered design methodology, we implemented an analytical tool to guide analysts during security incident investigations. The viability of the solution was validated by an evaluation conducted with members of different security teams.

Links

EF16_019/0000822, research and development project
Name: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur
MUNI/A/1411/2019, internal MU code
Name: Aplikovaný výzkum: softwarové architektury kritických infrastruktur, bezpečnost počítačových systémů, zpracování přirozeného jazyka a jazykové inženýrství, vizualizaci velkých dat a rozšířená realita.
Investor: Masaryk University, Category A

Files attached