Digital forensic readiness framework for ransomware investigation

Singh, Avinash; Ikuesan, Adeyemi Richard; Venter, H.S. (Hein)
2019-01-22T10:50:14Z 2019-01-22T10:50:14Z 2019
dc.description.abstract Over the years there has been a significant increase in the exploitation of the security vulnerabilities of Windows operating systems, the most severe threat being malicious software (malware). Ransomware, a variant of malware which encrypts files and retains the decryption key for ransom, has recently proven to become a global digital epidemic. The current method of mitigation and propagation of malware and its variants, such as anti-viruses, have proven ineffective against most Ransomware attacks. Theoretically, Ransomware retains footprints of the attack process in the Windows Registry and the volatile memory of the infected machine. Digital Forensic Readiness (DFR) processes provide mechanisms for the pro-active collection of digital footprints. This study proposed the integration of DFR mechanisms as a process to mitigate Ransomware attacks. A detailed process model of the proposed DFR mechanism was evaluated in compliance with the ISO/IEC 27043 standard. The evaluation revealed that the proposed mechanism has the potential to harness system information prior to, and during a Ransomware attack. This information can then be used to potentially decrypt the encrypted machine. The implementation of the proposed mechanism can potentially be a major breakthrough in mitigating this global digital endemic that has plagued various organizations. Furthermore, the implementation of the DFR mechanism implies that useful decryption processes can be performed to prevent ransom payment. en_ZA
dc.description.department Computer Science en_ZA
dc.description.librarian hj2019 en_ZA
dc.description.uri en_ZA
dc.identifier.citation Singh, A., Ikuesan, A.R. & Venter, H.S. 2019, 'Digital forensic readiness framework for ransomware investigation', Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, vol. 259, pp. 91-105. en_ZA
dc.identifier.issn 1867-8211 (print)
dc.identifier.issn 1867-822X (online)
dc.identifier.other 10.1007/978-3-030-05487-8_5
dc.language.iso en en_ZA
dc.publisher Springer en_ZA
dc.rights © ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2019. Published by Springer Nature Switzerland AG 2019. All rights reserved. The original publication is available at en_ZA
dc.subject Windows forensics en_ZA
dc.subject Digital forensic readiness (DFR) en_ZA
dc.subject Ransom forensics en_ZA
dc.subject Memory en_ZA
dc.subject Registry en_ZA
dc.subject Investigation en_ZA
dc.title Digital forensic readiness framework for ransomware investigation en_ZA
dc.type Postprint Article en_ZA
