Comparison Study of Digital Forensics Analysis Techniques; Findings versus Resources

Recently, digital forensics analysis got a great attention in IT security. This is especially after cyber incidents are getting new form of organized crime which introduced Advanced Persistent Threats (APT), and hacking Kill Chain definitions. The threat intense rises when it is affecting the healthcare organization where it will be life-threatening. Handling such incidents is a great challenge for handlers to uncover the attack steps. With various sources of evidential data that require analysis, one analysis technique can be more beneficial than another, comparing to the time and resources invested in each one. Analysis speed and precise results, helps in creating unique attack's Indicators of Compromise faster. Which helps in containing incidents in such critical environments with lowest lose. The intent of this paper is to compare qualitatively outputs from different analysis techniques; memory, super timeline and live analysis on the same incident to help figuring out which technique can be more appropriate under different circumstances. (C) 2018 The Authors. Published by Elsevier Ltd.