Evaluation of live forensic techniques in ransomware attack mitigation
- Submitting institution
- Edinburgh Napier University
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 2657141
- Type
- D - Journal article
- DOI
- 10.1016/j.fsidi.2020.300979
- Title of journal
- Forensic Science International: Digital Investigation
- Article number
- 300979
- First page
- 300979
- Volume
- 33
- Issue
- -
- ISSN
- 2666-2817
- Open access status
- Compliant
- Month of publication
- May
- Year of publication
- 2020
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
-
-
- Research group(s)
-
-
- Citation count
- 1
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- This work developed a new method for ransomware attack detection and mitigation, applying live forensic analysis methods to detect and extract ransomware keys from the memory of a victim’s system during the ransomware execution phase. While the ransomware is executing and the victim’s files are being encrypted, cryptographic keys are extracted and can then be used to decrypt the files post attack. The work led to a PhD project to further research in this important area of ransomware detection and mitigation. A new journal paper has already been submitted.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -