Log Analysis and Forensic Implications: The Importance of SOC and DFIR Departments in Corporate Cybersecurity and Related Case Study
Simone Costanzi
Log Analysis and Forensic Implications: The Importance of SOC and DFIR Departments in Corporate Cybersecurity and Related Case Study.
Rel. Andrea Atzeni. Politecnico di Torino, Corso di laurea magistrale in Cybersecurity, 2025
|
Preview |
PDF (Tesi_di_laurea)
- Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives. Download (8MB) | Preview |
Abstract
In recent years, cybersecurity has assumed a strategic and essential role for public and private organizations and is no longer seen simply as an added value, as it was in the past. This paper analyzes the importance of the Security Operation Center (SOC) and Digital Forensics and Incident Response (DFIR) departments in corporate cybersecurity, highlighting their contribution to the prevention, detection, and management of security incidents. The paper is divided into three main sections: a first theoretical section dedicated to the historical and technological evolution of defense and analysis tools (EDR, XDR, SIEM, SOAR); a second section describes the evolution of DFIR and provides a regulatory overview, focusing on the issues of Cloud Forensics; and, in the end, the applied section describes an example of forensic analysis.
The theoretical path describes the evolution of log analysis: from the first approaches based on pattern matching and rule-based detection to modern anomaly detection and machine learning models
Tipo di pubblicazione
URI
 |
Modifica (riservato agli operatori) |
