{"title":"Deployment of the Fed4FIRE+ testbed for forensics visualization purposes","authors":"Leonidas Kallipolitis, Panagiotis Katrakazas, Ilias Spais","doi":"10.52953/imxx4520","DOIUrl":null,"url":null,"abstract":"A security incident or rule violation can be detected and documented using forensic analysis, which is made easier by preconfigured views that are enhanced with crucial data. In this paper, we present an advanced visualization mechanism for digital forensics that increases the situational awareness of a security expert by analysing and presenting security events, alarms and critical performance indicators. Using testbeds made available by Fed4FIRE+, we demonstrate an experimentation setup that simulates genuine client settings, including their varying needs and differences in size and requirements. These tests allowed for the parameterization of the variables, which led to rapid and well-documented results that could only be reached by trial and error with potential financial repercussions.","PeriodicalId":274720,"journal":{"name":"ITU Journal on Future and Evolving Technologies","volume":"59 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ITU Journal on Future and Evolving Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.52953/imxx4520","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
A security incident or rule violation can be detected and documented using forensic analysis, which is made easier by preconfigured views that are enhanced with crucial data. In this paper, we present an advanced visualization mechanism for digital forensics that increases the situational awareness of a security expert by analysing and presenting security events, alarms and critical performance indicators. Using testbeds made available by Fed4FIRE+, we demonstrate an experimentation setup that simulates genuine client settings, including their varying needs and differences in size and requirements. These tests allowed for the parameterization of the variables, which led to rapid and well-documented results that could only be reached by trial and error with potential financial repercussions.