Cyber Event Artifact Investigation Training in a Virtual Environment

Abstract

The Internet has created many new technology advances that make everyday life easier and more efficient. However, technology has also enabled new attack capabilities and platforms that have the potential to cripple Department of Defense (DOD) and civilian information systems and cyber infrastructure. To minimize the damage these threats could cause, the DOD needs well-trained operators and skilled cyber incident first responders at the helm. The first portion of this research focused on identifying operating system artifacts that give first responders the best information with which to identify whether a cyber incident has occurred, or is occurring, and to determine the type of incident. The second portion of this research focused on developing virtual environments where students can participate in guided training and challenge labs. These labs can train system operators to recognize incident indicators and allow first responders to focus on collecting necessary information quickly. The Training Lab focuses on leading the student through an investigation of each designated artifact, while the Challenge Lab provides less guidance in order to test the student's acquired skills. This partnered learning experience should lead to more proficient cyber incident reporting and should decrease the response delay between detection and recovery.

Document Details

Document Type
Technical Report
Publication Date
Dec 01, 2017
Accession Number
AD1053369

Entities

People

  • Simone M. Mims
  • Tye R. Wylkynsone

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems
  • Materials and Manufacturing Processes

DTIC Thesaurus Topics

  • Computational Forensics
  • Computers
  • Cybersecurity
  • Cyberspace Operations
  • Department Of Defense
  • Detection
  • Detectors
  • First Responders
  • Governments
  • Graphical User Interface
  • Information Systems
  • Network Protocols
  • Operating Systems
  • Situational Awareness
  • Students
  • Training
  • Web Browsers

Readers

  • Cybersecurity
  • Educational Psychology
  • STEM Education

Technology Areas

  • Cyber