Real-Time Automated Forensic Evidence Collection in Critical Systems: Leveraging Advanced Network Monitoring Tools for Enhanced Cybersecurity Incident Response
Pierfrancesco Elia
Real-Time Automated Forensic Evidence Collection in Critical Systems: Leveraging Advanced Network Monitoring Tools for Enhanced Cybersecurity Incident Response.
Rel. Andrea Atzeni. Politecnico di Torino, Corso di laurea magistrale in Cybersecurity, 2025
|
Preview |
PDF (Tesi_di_laurea)
- Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives. Download (1MB) | Preview |
Abstract
This thesis examines the convergence of network monitoring infrastructure with automated forensic evidence capture in support of improved cybersecurity incident response capabilities. The study fills the essential gap between threat detection and forensic analysis by introducing a new approach exploiting Zabbix, a publicly available open-source monitoring tool, to support real-time automated evidence capture in a forensic and legal conforming context. The research adopts a systematic approach combining the development of a theoretical framework with experimental validation by conducting controlled laboratory tests. This modular architecture consists of four individual modules, namely, Detection, Response, Acquisition, and Preservation, working through Zabbix's trigger-action mechanism while upholding forensic chain of custody requirements.
Real-world case studies are extensively illustrated, firstly a data exfiltration scenario and afterwards an unauthorized service deployment inside a trusted network
Tipo di pubblicazione
URI
 |
Modifica (riservato agli operatori) |
