Skip to end of banner Go to start of banner

Investigation of cyber attacks

Skip to end of metadata

Description

(related to/part of theme "Information Governance & Integrity")

4. Proving the integrity

Tools/toolsets and processes for public authorities (police, customs, border control, KTK, military, etc.) for investigation of cyber attacks

Questions

What kind of toolset public authorities will need, so that it will be possible for them to (successfully) investigate ongoing or already happened cyber attack?
SOL-operations
Forensics
Incident response -processes
Planning and process to do post-mortem cyber forensic to unknown cyber threats

Anonymous
Split this to three main phases of a cyber-attacks, namely
1. Before cyber-attack: Preparedness. Building capabilities:
- planning
  avoiding dangerous job combinations (vaaralliset työyhdistelmät)
- processes
  Information Governance incl. evidence management
  incl. MIM (Major Incident Management) process
- deception (incl. honey potting)
- training
- building
- testing
- auditing
2. During cyber-attack:
- incident management process incl. MIM
- keep chain-of-custody (katkeamaton dokumentoitu käsittelyketju)
- keeping evidence intact (=authentic evidence)
- undisputed process
- sandboxing & deception
- visualization incl. AI
- analysis
  incl. is this a smoke-screen attack?
3. After cyber-attack
- root-cause analysis and forensic
  incl. post-attack analysis
  post-mortem forensic and reporting (lessons learned)
- authentic evidence
  pre-trial investigation (esitutkintaan saattaminen)
- Permalink
- Reply
- Nov 04, 2019
Anonymous
TAMK's Field Lab allows testing DoS meaning that it enables experiments on the three phases of the cyber attack mentioned above. The tests can be planned based on industry needs.
- Permalink
- Reply
- Nov 22, 2019