A Digital Forensic Readiness Approach for Ransomware Forensics

Dissertation (MSc)--University of Pretoria, 2019.

Bibliographic Details
Other Authors: Venter, Hein S.
Format: Thesis
Language: English
Published: University of Pretoria 2020
Subjects:
_version_ 1867613448899133440
access_status_str Open Access
author2 Venter, Hein S.
author_browse Venter, Hein S.
author_facet Venter, Hein S.
collection Thesis
dc_rights_str_mv © 2019 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria.
description Dissertation (MSc)--University of Pretoria, 2019.
format Thesis
id oai:repository.up.ac.za:2263/75610
institution University of Pretoria (South Africa)
language English
last_indexed 2026-06-10T12:36:19.085Z
license_str Other — see source repository
provenance_str_mv Harvested via OAI-PMH from UPSpace — University of Pretoria Institutional Repository
publishDate 2020
publishDateRange 2020
publishDateSort 2020
publisher University of Pretoria
publisherStr University of Pretoria
record_format dspace
source_str UPSpace — University of Pretoria Institutional Repository
spelling oai:repository.up.ac.za:2263/75610 A Digital Forensic Readiness Approach for Ransomware Forensics Venter, Hein S. asingh@cs.up.ac.za Ikuesan, Adeyemi Richard Singh, Avinash UCTD Digital Forensic Readiness Ransomware Forensics Incident Response Evidence Preservation Engineering, built environment and information technology theses SDG-09 Engineering, built environment and information technology theses SDG-16 Dissertation (MSc)--University of Pretoria, 2019. Computers play a vital role in the automation of tedious tasks in our everyday lives. With the adoption of the advances in technology, there is a significant increase in the exploitation of security vulnerabilities, particularly in Windows computing environments. These exploitations are mostly carried out by malicious software (malware). Ransomware is a variant of malware which encrypts user files and retains the decryption key for ransom. Ransomware has shown its dominance over the years, wreaking havoc on many organizations and users. This global digital epidemic is continuously on the rise with no signs of being eradicated. The current method of mitigation and propagation of malware and its variants, such as anti-viruses, have proven ineffective against most ransomware attacks. Theoretically, ransomware retains footprints of the attack process in the Windows Registry as well as volatile memory of the infected machine. With the adoption of Digital Forensic Readiness (DFR) processes, organizations can better prepare for these types of attacks. DFR provides mechanisms for pro-active collection of digital artifacts. These artifacts play a vital role when a digital investigation is conducted where these artifacts may not be available post-incident. The availability of such artifacts can be attributed to the anti-forensic properties of the ransomware itself cleaning up all the evidence before it can be investigated. 
Ransomware investigation is often a lengthy process because security researchers need to disassemble and reverse engineer the ransomware in order to find an inherent flaw in the malware. In some cases, the ransomware is not available post-incident, which makes it more difficult. Therefore, this study proposed a framework with the integration of DFR mechanisms as a process to mitigate ransomware attacks whilst maximizing Potential Digital Evidence (PDE) collection. The proposed framework was evaluated in compliance with the ISO/IEC 27043 standard as well as expert review using two prototype tools. These prototype tools realize the framework by providing a proof of concept implementation of such a framework within an organization. The evaluation revealed that the proposed framework has the potential to harness system information prior to, and during, a ransomware attack. This information can then be used to help forensic investigators to potentially decrypt the encrypted machine, as well as providing automated analysis of the ransomware, relieving the burden of complicated analysis. The implementation of the proposed framework can potentially be a major breakthrough in mitigating this global digital endemic that has plagued various organizations. bs2026 Computer Science MSc (Computer Science) Unrestricted SDG-09: Industry, innovation and infrastructure SDG-16: Peace, justice and strong institutions 2020-08-07T11:13:24Z 2020-08-07T11:13:24Z 2020 2019 Dissertation Singh, A 2019, A Digital Forensic Readiness Approach for Ransomware Forensics, MSc (Computer Science) Dissertation, University of Pretoria, Pretoria, viewed yymmdd <http://hdl.handle.net/2263/75610> A2020 http://hdl.handle.net/2263/75610 en © 2019 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria.
application/pdf University of Pretoria
spellingShingle UCTD
Digital Forensic Readiness
Ransomware Forensics
Incident Response
Evidence Preservation
Engineering, built environment and information technology theses SDG-09
Engineering, built environment and information technology theses SDG-16
A Digital Forensic Readiness Approach for Ransomware Forensics
title A Digital Forensic Readiness Approach for Ransomware Forensics
title_full A Digital Forensic Readiness Approach for Ransomware Forensics
title_fullStr A Digital Forensic Readiness Approach for Ransomware Forensics
title_full_unstemmed A Digital Forensic Readiness Approach for Ransomware Forensics
title_short A Digital Forensic Readiness Approach for Ransomware Forensics
title_sort digital forensic readiness approach for ransomware forensics
topic UCTD
Digital Forensic Readiness
Ransomware Forensics
Incident Response
Evidence Preservation
Engineering, built environment and information technology theses SDG-09
Engineering, built environment and information technology theses SDG-16
url http://hdl.handle.net/2263/75610