Pierfrancesco Elia
Real-Time Automated Forensic Evidence Collection in Critical Systems: Leveraging Advanced Network Monitoring Tools for Enhanced Cybersecurity Incident Response.
Supervisor: Andrea Atzeni. Politecnico di Torino, Master of Science program in Cybersecurity, 2025
PDF (Tesi_di_laurea) - Thesis
Licence: Creative Commons Attribution Non-commercial No Derivatives.
Abstract
This thesis examines the convergence of network monitoring infrastructure with automated forensic evidence capture in support of improved cybersecurity incident response capabilities. The study addresses the gap between threat detection and forensic analysis by introducing a new approach that exploits Zabbix, an open-source monitoring tool, to support real-time automated evidence capture in a forensically sound and legally compliant context. The research adopts a systematic approach, combining the development of a theoretical framework with experimental validation through controlled laboratory tests. The proposed modular architecture consists of four individual modules, namely Detection, Response, Acquisition, and Preservation, operating through Zabbix's trigger-action mechanism while upholding forensic chain-of-custody requirements.
Two realistic case studies are illustrated in detail: first a data exfiltration scenario, and then an unauthorized service deployment inside a trusted network.