Forensic Analysis of Advanced Persistent Threat Attacks in Cloud Environments - Advances in Digital Forensics XVI
Conference Papers, Year: 2020

Forensic Analysis of Advanced Persistent Threat Attacks in Cloud Environments

Abstract

Cloud forensic investigations involve large volumes of diverse devices and data. Investigations of advanced persistent threat attacks additionally require filtering noisy data and applying expert knowledge to reconstruct the missing steps of attacks that typically span long periods of time. Under such circumstances, obtaining timely and credible forensic results is a challenge. This chapter uses a case study to demonstrate how MITRE's ATT&CK knowledge base and Lockheed Martin's Cyber Kill Chain methodology can be combined to perform forensic analyses of advanced persistent threat attacks in cloud environments. ATT&CK is a globally accessible knowledge base of adversary tactics and techniques developed from real-world observations of attacks. The Cyber Kill Chain methodology describes a series of steps that trace a cyber attack from its early reconnaissance stage to the later data exfiltration stage. Because advanced persistent threat attacks on cloud systems involve the key Cyber Kill Chain phases of reconnaissance, command and control communications, privilege escalation, lateral movement through a network and exfiltration of confidential information, it is beneficial to combine the ATT&CK knowledge base and the Cyber Kill Chain methodology to identify and aggregate evidence, and to automate the construction of the attack steps.
Main file: 503209_1_En_9_Chapter.pdf (208.52 KB)
Origin: files produced by the author(s)

Dates and versions

hal-03657230 , version 1 (02-05-2022)

Cite

Changwei Liu, Anoop Singhal, Duminda Wijesekera. Forensic Analysis of Advanced Persistent Threat Attacks in Cloud Environments. 16th IFIP International Conference on Digital Forensics (DigitalForensics), Jan 2020, New Delhi, India. pp.161-180, ⟨10.1007/978-3-030-56223-6_9⟩. ⟨hal-03657230⟩