{"title":"Analysis of Digital Forensic Artifacts Data Enrichment Mechanism for Cyber Threat Intelligence","authors":"Hyung-Woo Lee","doi":"10.1145/3587828.3587857","DOIUrl":null,"url":null,"abstract":"Cyber attack targeting heterogeneous devices in large-scale network environments through advanced persistent threat (APT) attacks are on the rise. Therefore, in order to improve the effectiveness of the cyber incident response system, it is necessary to apply a data enrichment mechanism for the collected digital forensic artifacts data to reinforce threat analysis and detection performance. Therefore, we designed and implemented the data enrichment mechanism for cyber threat intelligent system by analyzing the existing cyber incident response framework such as SIEM, CTI based on the aggregated digital forensic artifacts. Through this, it is expected to improve the detection performance and effectiveness when using artifact data enrichment process for analyzing cyber incidents collected from heterogeneous devices.","PeriodicalId":340917,"journal":{"name":"Proceedings of the 2023 12th International Conference on Software and Computer Applications","volume":"128 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2023 12th International Conference on Software and Computer Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3587828.3587857","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Cyber attacks that target heterogeneous devices in large-scale network environments through advanced persistent threats (APTs) are on the rise. To improve the effectiveness of cyber incident response systems, a data enrichment mechanism needs to be applied to the collected digital forensic artifact data to reinforce threat analysis and detection performance. We therefore designed and implemented a data enrichment mechanism for a cyber threat intelligence system by analyzing existing cyber incident response frameworks such as SIEM and CTI, based on the aggregated digital forensic artifacts. This is expected to improve detection performance and effectiveness when the artifact data enrichment process is used to analyze cyber incidents collected from heterogeneous devices.