The Investigation and Intelligence Framework is designed to support the following functions:
- Import evidence data into the engine, for example memory dumps, registry hives and URLs
- The system extracts indicators from that evidence, including but not limited to IP addresses, domains and e-mail addresses
- The extracted indicators are fed to the intelligence engine, which derives the following from them as input to threat forecasting:
  - Timelining
  - Relevance/Confidence Level
  - Activities Correlation
- The demo is a prototype of the Investigation and Intelligence Framework
- A memory dump is imported; the framework extracts the IP addresses it contains and the URLs associated with each address
- A VirusTotal API lookup flags one of the IP addresses as suspicious
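The demo flow above (import a memory image, pull out IPs, domains, e-mail addresses and URLs, correlate the URLs with the addresses they point at, enrich each external IP through VirusTotal and assign a confidence level), as an added example. This is not the framework's own code. The VirusTotal v3 endpoint `GET /api/v3/ip_addresses/{ip}` with the `x-apikey` header is taken from VirusTotal's public API documentation; the sample "memory image", the internal-range policy, the confidence thresholds and the recorded responses are constructed for illustration, and the addresses used are documentation ranges with no real verdict.

```python
import ipaddress
import json
import re
import urllib.request
from collections import Counter
from urllib.parse import urlsplit

# Constructed stand-in for a memory image: the kind of fragments a strings pass
# over a process dump yields. Sample data, not real evidence.
SAMPLE_DUMP = (
    b"MZ\x90\x00\x03\x00\x00\x00http://198.51.100.23/update.php\x00\x00"
    b"GET /login HTTP/1.1\r\nHost: portal.example-corp.test\r\n"
    b"From: alice@example-corp.test\x00Referer: http://198.51.100.23/update.php\x00"
    b"C:\\Users\\bob\\Downloads\\setup.exe\x00\x08\x0810.0.0.7\x00resolver 203.0.113.9\x00"
    b"999.1.2.3 is not an address\x00"
)

IPV4_RE = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?::\d+)?(?:/[^\s\x00<>]*)?")
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")
# Bare host names; the lookbehind rejects path components ("/update.php",
# "\setup.exe") and the host part of an e-mail address, which EMAIL_RE owns.
DOMAIN_RE = re.compile(rb"(?<![A-Za-z0-9.@/\\-])(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}(?![A-Za-z0-9.-])")
# Ranges never sent to a third-party service (assumed policy for this example).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

def extract_iocs(blob):
    """Pull indicators out of raw bytes, counting hits so they can be ranked by relevance."""
    iocs = {k: Counter() for k in ("ips", "domains", "emails", "urls")}
    for raw in IPV4_RE.findall(blob):
        try:
            iocs["ips"][str(ipaddress.IPv4Address(raw.decode()))] += 1
        except ValueError:
            pass  # looks like a dotted quad but has an octet > 255, e.g. 999.1.2.3
    for key, rx in (("urls", URL_RE), ("emails", EMAIL_RE), ("domains", DOMAIN_RE)):
        for raw in rx.findall(blob):
            val = raw.decode(errors="replace")
            iocs[key][val if key == "urls" else val.lower()] += 1
    return iocs

def correlate(iocs):
    """Link each IP to the URLs in the same image whose host is that IP."""
    links = {ip: [] for ip in iocs["ips"]}
    for url in iocs["urls"]:
        host = urlsplit(url).hostname
        if host in links:
            links[host].append(url)
    return links

def vt_ip_report(ip, api_key, fetch=None):
    """VirusTotal v3 IP report; fetch(url, headers) is injectable for offline runs."""
    url, headers = f"https://www.virustotal.com/api/v3/ip_addresses/{ip}", {"x-apikey": api_key}
    if fetch is not None:
        return fetch(url, headers)
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers), timeout=30) as resp:
        return json.load(resp)

def confidence(stats):
    """Coarse level from last_analysis_stats; thresholds are this example's assumption."""
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = sum(stats.values())
    if flagged == 0 or total == 0:
        return "none"
    if flagged >= 5 or flagged / total >= 0.25:
        return "high"
    return "medium" if flagged >= 2 else "low"

def triage(blob, api_key, fetch=None):
    """Extract, correlate, enrich, score: one record per external IP, highest confidence first."""
    iocs, records = extract_iocs(blob), []
    links = correlate(iocs)
    for ip, hits in iocs["ips"].items():
        if any(ipaddress.IPv4Address(ip) in net for net in INTERNAL_NETS):
            continue  # never leak internal addressing to an external service
        report = vt_ip_report(ip, api_key, fetch)
        stats = report.get("data", {}).get("attributes", {}).get("last_analysis_stats", {})
        records.append({"ip": ip, "hits": hits, "urls": links[ip],
                        "stats": stats, "confidence": confidence(stats)})
    rank = {"high": 0, "medium": 1, "low": 2, "none": 3}
    records.sort(key=lambda r: (rank[r["confidence"]], -r["hits"]))
    return records

# Constructed responses in VirusTotal's JSON shape so the demo runs offline;
# no real verdict exists for these documentation-range addresses.
RECORDED = {
    "198.51.100.23": {"malicious": 7, "suspicious": 1, "harmless": 60, "undetected": 20},
    "203.0.113.9": {"malicious": 0, "suspicious": 0, "harmless": 70, "undetected": 18},
}

def recorded_fetch(url, headers):
    return {"data": {"attributes": {"last_analysis_stats": RECORDED[url.rsplit("/", 1)[1]]}}}

if __name__ == "__main__":
    for rec in triage(SAMPLE_DUMP, "demo-key", fetch=recorded_fetch):
        print(rec["confidence"], rec["ip"], rec["hits"], rec["urls"])
```

Two points worth keeping when this grows beyond a demo: the IP regex alone accepts strings such as 999.1.2.3, so every candidate goes through `ipaddress` before it is counted, and internal ranges are filtered before any lookup so that an investigation never discloses the victim's addressing plan to an external service. Hit counts and the IP-to-URL links are what feed the relevance and correlation outputs described above; the timeline needs timestamps, which a memory image does not carry on its own.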
The Investigation and Intelligence Framework is ongoing research in our team.