Effective Management of Rapid Intervention, Investigation, Analysis and Reporting Processes in Computer Crimes with New-Generation Digital Forensic Methods


Creative Commons License

Alkan A. O., DOĞRU İ. A., ATACAK İ.

JOURNAL OF POLYTECHNIC-POLITEKNIK DERGISI, 2024 (ESCI)

Abstract

The exponential growth in the volume and speed of attack vectors, the rapid rise in computer crime, and the huge enterprise attack surfaces and data volumes that must be managed have led to the recognition that 100% prevention of breaches, for individuals and organisations alike, is no longer a realistic expectation. With traditional digital forensic approaches, collecting and preserving digital evidence (for example, acquiring a full disk image), examining it and reporting on it can be very time-consuming, depending on the size of the data, which makes rapid incident response difficult. For example, imaging a hard disk with a capacity of 20 terabytes takes on average 2 days. As a solution, a specialised digital forensic tool such as Binalyze AIR collects only evidentiary items (Disk Proof, Proof of Memory, Proof of Scanner, Proof of NTFS, Proof of Log, Proof of Network, Proof of Event Logs, Proof of WMI, Proof of Process Execution, etc.), hashes every item of evidence and automatically generates a preliminary report, allowing the process to be completed in a much shorter time. This provides effective management of crime scene investigation and fast response to computer crimes, covering the investigation, analysis and reporting processes that traditional digital forensic methods hold up, and offers an innovative solution to the scientific literature. This study presents the results obtained by using new-generation digital forensic methods (the Binalyze AIR and Binalyze Tactical software) in comparison with traditional digital forensic methods.
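The triage model the abstract describes (collect only selected artifact classes instead of a full image, hash every item, emit a preliminary report, and re-verify the hashes later) can be sketched in a few lines. The following is an added illustration, not code from the paper or from Binalyze; the artifact glob patterns and the mock host filesystem are constructed for the example.

```python
import hashlib, json, tempfile, time
from pathlib import Path

# Constructed artifact categories, loosely modelled on the abstract's evidence list.
ARTIFACT_CATEGORIES = {
    "ntfs": ["$MFT"],
    "event_logs": ["Windows/System32/winevt/Logs/*.evtx"],
    "process_execution": ["Windows/Prefetch/*.pf"],
}

def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def collect_evidence(root: Path, categories=ARTIFACT_CATEGORIES) -> dict:
    # Triage collection: hash only files matching the artifact patterns, then
    # build a preliminary report that records how much of the disk was touched.
    items = []
    for category, patterns in categories.items():
        for pattern in patterns:
            for path in sorted(root.glob(pattern)):
                if path.is_file():
                    items.append({"category": category, "path": str(path.relative_to(root)),
                                  "size": path.stat().st_size, "sha256": sha256_file(path)})
    bytes_on_disk = sum(p.stat().st_size for p in root.rglob("*") if p.is_file())
    report = {"collected_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
              "artifact_count": len(items), "bytes_collected": sum(i["size"] for i in items),
              "bytes_on_disk": bytes_on_disk, "items": items}
    # Hash of the manifest itself, so the report can be sealed as a whole.
    report["manifest_sha256"] = hashlib.sha256(json.dumps(items, sort_keys=True).encode()).hexdigest()
    return report

def verify_report(root: Path, report: dict) -> list:
    # Integrity check: re-hash every collected artifact and return the paths that changed.
    return [i["path"] for i in report["items"] if sha256_file(root / i["path"]) != i["sha256"]]

def build_sample_host() -> Path:
    # Constructed mock filesystem standing in for a suspect host; not real evidence.
    root = Path(tempfile.mkdtemp())
    files = {"$MFT": b"M" * 4096, "Windows/System32/winevt/Logs/Security.evtx": b"E" * 2048,
             "Windows/Prefetch/CMD.EXE-1234.pf": b"P" * 512, "Users/bob/video.mp4": b"V" * 100000}
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
    return root
```

The bulky user video is never read, which is the point of triage: the report's bytes_collected against bytes_on_disk shows how little of the disk a targeted collection has to touch.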