Digital forensics architecture for real-time automated evidence collection and centralization: Leveraging security lake and modern data architecture

Author: Ahmed Wasan Saad, Mustafa AL-Ta’I Ziyad Tariq, Abegaz Tamirat, Mahmood Ghassan Sabeeh
Language: English
Year of publication: 2024
Subject:
Source: Journal of Intelligent Systems, Vol 33, Iss 1, Pp 153349-64 (2024)
Document type: article
ISSN: 2191-026X
DOI: 10.1515/jisys-2024-0109
Description: In the face of escalating cyber threats, a real-time automated security evidence collection system for cloud-based digital forensics investigations is essential for identifying and mitigating malicious activities. However, the substantial volumes of data generated by modern cloud-based digital systems make it difficult to collect and analyze evidence promptly and systematically. To address these challenges, this research introduces an architecture that combines a security lake with a modern data lake. The primary objective of this architecture is to overcome the obstacles of gathering evidence from multiple cloud-based accounts and regions while providing the flexibility and scalability required to manage the ever-expanding data volumes encountered in cloud-based digital forensics investigations. This work focuses on gathering security events from multiple accounts and regions within a cloud environment in real time, preserving the integrity of the evidence, and storing it in lakes, so that investigators can move between these lakes for analysis and obtain results quickly. This is achieved through the use of a security lake and a modern data architecture. To validate the system, we tested it within a university system comprising numerous accounts spread across different regions within an AWS environment. Overall, the proposed system effectively gathers evidence from various sources and consolidates all data lakes into a single account. These lakes were then used to analyze the evidence with Athena and Wazuh.
Database: Directory of Open Access Journals