Threat Landscape Expansion During Covid-19: Remote Incident Response Handling
9th International Symposium on Digital Forensics and Security (ISDFS'21) (2021)
Abstract
This paper provides an automated remote incident handling solution for an Information Security organization that rushed to become a work-from-home business because of Covid-19. It demonstrates a solution to two separate problems. The first problem is to develop a method to enhance both incident response and threat hunting remotely. This is accomplished by developing a triggering mechanism based on the Microsoft Windows Defender antivirus system. The trigger subsequently captures a snapshot of the workstation's condition for use by cybersecurity professionals to determine whether the event is a false positive or a true positive. The second problem is to create a local logging mechanism to assist with basic forensic analysis of the remote worker's activity. In a typical enterprise environment, this solution can be utilized efficiently either over a remote desktop protocol or by simply physically picking up the device for further analysis.
Keywords
digital, forensics, privacy, law