A robust intelligent readiness framework for ransomware forensics

Thesis (PhD (Computer Science))--University of Pretoria, 2025.

Bibliographic Details
Other Authors: Venter, Hein S.
Format: Thesis
Language: English
Published: University of Pretoria 2025
Subjects:
_version_ 1867613716838612992
access_status_str Open Access
author2 Venter, Hein S.
author_browse Venter, Hein S.
author_facet Venter, Hein S.
collection Thesis
dc_rights_str_mv © 2024 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria.
description Thesis (PhD (Computer Science))--University of Pretoria, 2025.
format Thesis
id oai:repository.up.ac.za:2263/103656
institution University of Pretoria (South Africa)
language English
last_indexed 2026-06-10T12:40:34.602Z
license_str Other — see source repository
provenance_str_mv Harvested via OAI-PMH from UPSpace — University of Pretoria Institutional Repository
publishDate 2025
publishDateRange 2025
publishDateSort 2025
publisher University of Pretoria
publisherStr University of Pretoria
record_format dspace
source_str UPSpace — University of Pretoria Institutional Repository
spelling oai:repository.up.ac.za:2263/103656 A robust intelligent readiness framework for ransomware forensics Venter, Hein S. tashan.avi@gmail.com Ikuesan, Adeyemi Richard Singh, Avinash UCTD Sustainable Development Goals (SDGs) Ransomware forensics Ransomware detection Machine learning Digital forensic readiness Thesis (PhD (Computer Science))--University of Pretoria, 2025. Ransomware attacks have become a prominent and persistent threat in the modern digital ecosystem, targeting critical systems, disrupting business operations, and inflicting significant financial and reputational damage. As attackers develop increasingly sophisticated methods to evade detection, conventional forensic approaches struggle to keep pace. Key challenges include the inability of current digital forensic investigation techniques to efficiently identify and extract relevant digital artefacts, identify the presence of redundant and irrelevant data that hinders storage optimisation, and address the lack of robust categorisation mechanisms for digital evidence. Furthermore, attackers often exploit vulnerabilities in forensic readiness, tampering with or erasing critical evidence to cover their tracks. This situation is intensified by the dynamic nature of ransomware, which continuously evolves to bypass static detection mechanisms. This adaptive and sophisticated nature of ransomware has rendered many conventional detection and forensic approaches insufficient. This thesis introduces a robust Intelligent Ransomware Readiness Framework (IRRF), a proactive, intelligence-driven model designed to address the critical gaps in ransomware, namely detection, analysis, and forensic readiness. The proposed framework leverages Artificial Intelligence (AI) to address these challenges, offering a novel, scalable and adaptive solution. The framework can identify key ransomware functions, even in cases of zero-day or previously unseen ransomware variants. 
In addition to ransomware detection and analysis, the IRRF emphasises secure evidence storage to support digital forensic readiness. Recognising that attackers often attempt to alter or erase forensic artefacts, the proposed model incorporates robust security measures, including integrity checks, environment sandboxing, encryption, two-factor authentication, storage optimisation, lossless compression, and deduplication of data. These measures ensure proper handling of the chain of custody, preservation of evidence integrity, and safeguarding sensitive data from unauthorised access or tampering. The machine learning detection models created in this research were able to accurately detect ransomware with 98.33% accuracy using an optimisable weighted algorithm, while providing meaningful insight into the execution capabilities of an executable. The secure storage mechanism developed in this research also minimized storage constraints by reducing the storage required by approximately 38%, making it scalable and reducing costs. Furthermore, the framework was evaluated in compliance with the ISO/IEC 27043 international standard. The prototype was evaluated based on the NIST Computer Forensic Tool Testing (CFTT) program and several software engineering techniques such as static code analysis and vulnerability scanning. The IRRF also addresses the broader challenge of balancing forensic readiness with practical applicability. By adopting artificial intelligence as a foundational element, the framework ensures scalability and adaptability to the rapidly evolving tactics of ransomware attacks. By enhancing digital forensic readiness and securing critical digital evidence, this framework contributes to advancing the state of ransomware forensics, providing organisations and security practitioners with the tools necessary to fortify their defences, respond to incidents effectively, and secure their digital assets in an ever-evolving threat landscape.
Computer Science PhD (Computer Science) Unrestricted Faculty of Engineering, Built Environment and Information Technology SDG-16: Peace, justice and strong institutions SDG-09: Industry, innovation and infrastructure 2025-07-29T09:22:52Z 2025-07-29T09:22:52Z 2025-09 2025-01 Thesis * S2025 http://hdl.handle.net/2263/103656 https://doi.org/10.25403/UPresearchdata.29660882.v1 https://doi.org/10.25403/UPresearchdata.29660882 en © 2024 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. application/pdf University of Pretoria
spellingShingle UCTD
Sustainable Development Goals (SDGs)
Ransomware forensics
Ransomware detection
Machine learning
Digital forensic readiness
A robust intelligent readiness framework for ransomware forensics
title A robust intelligent readiness framework for ransomware forensics
title_full A robust intelligent readiness framework for ransomware forensics
title_fullStr A robust intelligent readiness framework for ransomware forensics
title_full_unstemmed A robust intelligent readiness framework for ransomware forensics
title_short A robust intelligent readiness framework for ransomware forensics
title_sort robust intelligent readiness framework for ransomware forensics
topic UCTD
Sustainable Development Goals (SDGs)
Ransomware forensics
Ransomware detection
Machine learning
Digital forensic readiness
url http://hdl.handle.net/2263/103656
https://doi.org/10.25403/UPresearchdata.29660882.v1
https://doi.org/10.25403/UPresearchdata.29660882