Simone Costanzi
Log Analysis and Forensic Implications: The Importance of SOC and DFIR Departments in Corporate Cybersecurity and Related Case Study.
Supervisor: Andrea Atzeni. Politecnico di Torino, Master of Science program in Cybersecurity, 2025
PDF (Tesi_di_laurea) - Thesis (8MB)
Licence: Creative Commons Attribution Non-commercial No Derivatives.
Abstract
In recent years, cybersecurity has assumed a strategic and essential role for public and private organizations and is no longer seen simply as an added value, as it was in the past. This paper analyzes the importance of the Security Operations Center (SOC) and Digital Forensics and Incident Response (DFIR) departments in corporate cybersecurity, highlighting their contribution to the prevention, detection, and management of security incidents. The paper is divided into three main sections: a first, theoretical section dedicated to the historical and technological evolution of defense and analysis tools (EDR, XDR, SIEM, SOAR); a second section that describes the evolution of DFIR and provides a regulatory overview, focusing on the issues of cloud forensics; and, finally, an applied section that describes an example of forensic analysis.
The theoretical part traces the evolution of log analysis: from the first approaches based on pattern matching and rule-based detection to modern anomaly detection and machine learning models.
