{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,16]],"date-time":"2026-05-16T22:38:16Z","timestamp":1778971096952,"version":"3.51.4"},"reference-count":43,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2019,6,12]],"date-time":"2019-06-12T00:00:00Z","timestamp":1560297600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2019,6,12]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title><jats:p>The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing digital forensic readiness (DFR) schemes by leveraging the capabilities of cyber threat information sharing.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title><jats:p>This paper uses a quantitative methodology to identify the most popular cyber threat intelligence (CTI) elements and introduces a lightweight approach to correlate those with potential forensic value, resulting in the quick and accurate triaging and identification of patterns of malicious activities.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Findings<\/jats:title><jats:p>While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics (DF) domain.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title><jats:p>The proposed model can help organizations to improve their DFR posture, and thus minimize the time and cost of cybercrime incidents.<\/jats:p><\/jats:sec>","DOI":"10.1108\/ics-09-2018-0110","type":"journal-article","created":{"date-parts":[[2019,2,11]],"date-time":"2019-02-11T09:35:53Z","timestamp":1549877753000},"page":"273-291","source":"Crossref","is-referenced-by-count":15,"title":["Actionable threat intelligence for digital forensics readiness"],"prefix":"10.1108","volume":"27","author":[{"given":"Nikolaos","family":"Serketzis","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Vasilios","family":"Katos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christos","family":"Ilioudis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dimitrios","family":"Baltatzis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"George J.","family":"Pangalos","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2020092310185753100_ref001","unstructured":"Blasco, J. (2009), \u201cMalware: Exploring mutex objects\u201d, Alienvault, available at: www.alienvault.com\/blogs\/labs-research\/malware-exploring-mutex-objects (accessed 11 May 2018)."},{"key":"key2020092310185753100_ref002","volume-title":"Logging and Log Management","year":"2012","edition":"1st ed"},{"key":"key2020092310185753100_ref003","unstructured":"Danyliw, L. Meijer, J. and Demchenko, Y. (2007), \u201cRFC 5070. The incident object description exchange format\u201d, available at: https:\/\/tools.ietf.org\/html\/rfc5070"},{"key":"key2020092310185753100_ref004","first-page":"1","article-title":"Exploring the opportunities and limitations of current threat intelligence platforms","author":"ENISA","year":"2017"},{"key":"key2020092310185753100_ref005","volume-title":"ENISA Threat Landscape Report 2016","author":"European Union Agency For Network And Information Security (ENISA)","year":"2017"},{"key":"key2020092310185753100_ref006","doi-asserted-by":"crossref","first-page":"S64","DOI":"10.1016\/j.diin.2010.05.009","article-title":"Digital forensics research: the next 10 years","volume":"7","year":"2010","journal-title":"Digital Investigation"},{"key":"key2020092310185753100_ref007","first-page":"13","article-title":"Digital forensic readiness as a component of information security best practice","volume":"232","year":"2007","journal-title":"International Information Security Conference"},{"key":"key2020092310185753100_ref008","first-page":"677","article-title":"A framework to guide the implementation of proactive digital forensics in organizations","volume-title":"ARES 2010 \u2013 5th International Conference on Availability, Reliability, and Security","year":"2010"},{"key":"key2020092310185753100_ref009","unstructured":"IANA (2017), \u201cIANA IPv4 Special-Purpose address registry\u201d, available at: www.iana.org\/assignments\/iana-ipv4-special-registry\/iana-ipv4-special-registry.xhtml (accessed 7 May 2018)."},{"key":"key2020092310185753100_ref010","unstructured":"Indiana University (2017), \u201cAbout fully qualified domain names (FQDNs)\u201d, available at: https:\/\/kb.iu.edu\/d\/aiuv (accessed 8 May 2018)."},{"issue":"6","key":"key2020092310185753100_ref011","first-page":"21824","article-title":"Paper on searching and indexing using elasticsearch","volume":"6","year":"2017","journal-title":"International Journal of Engineering and Computer Science"},{"key":"key2020092310185753100_ref012","first-page":"373","article-title":"A functional architecture for cloud forensic readiness large-scale potential digital evidence analysis","volume-title":"Proceedings of the 14th European Conference on Cyber Warfare and Security 2015: ECCWS 2015","year":"2015"},{"key":"key2020092310185753100_ref013","first-page":"369","article-title":"Towards a prototype for achieving digital forensic readiness in the cloud using a distributed NMB solution","volume-title":"European Conference on Cyber Warfare and Security","year":"2016"},{"key":"key2020092310185753100_ref014","first-page":"65","article-title":"Parallel in situ indexing for data-intensive computing","volume-title":"2011 IEEE Symposium on Large Data Analysis and Visualization, IEEE","year":"2011"},{"key":"key2020092310185753100_ref015","first-page":"49","article-title":"Utilizing a NoSQL data store for scalable log analysis","volume-title":"Proceedings of the 19th International Database Engineering &#38; Applications Symposium","year":"2014"},{"key":"key2020092310185753100_ref016","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1109\/NCIA.2013.6725337","article-title":"Security analytics: big data analytics for cybersecurity: a review of trends, techniques and tools","volume-title":"2013 2nd National Conference on Information Assurance (NCIA)","year":"2013"},{"key":"key2020092310185753100_ref017","first-page":"1","article-title":"Network intrusion detection: half a kingdom for a good dataset","volume-title":"ECCWS 2017 16th European Conference on Cyber Warfare and Security","year":"2017"},{"key":"key2020092310185753100_ref018","unstructured":"Mandiant Corporation (2013), \u201cOpenIOC\u201d, available at: www.openioc.org"},{"key":"key2020092310185753100_ref019","unstructured":"MITRE (2017), \u201cSTIX: a structured language for cyber threat intelligence\u201d, available at: https:\/\/oasis-open.github.io\/cti-documentation\/ (accessed 5 March 2017)."},{"key":"key2020092310185753100_ref020","article-title":"Automated Confidence Score Measurement of Threat Indicators","year":"2017"},{"issue":"4","key":"key2020092310185753100_ref021","first-page":"1","article-title":"NoSQL database: new era of databases for big data analytics-classification, characteristics and comparison","volume":"6","year":"2013","journal-title":"ArXiv Preprint ArXiv:1307.0191"},{"key":"key2020092310185753100_ref022","volume-title":"Security Information and Event Management (SIEM) Implementation","year":"2017"},{"issue":"4","key":"key2020092310185753100_ref023","first-page":"16","article-title":"Type of NoSQL databases and its comparison with relational databases","volume":"5","year":"2013","journal-title":"International Journal of Applied Information Systems"},{"key":"key2020092310185753100_ref024","unstructured":"Neo4j (2017), \u201cFrom relational to Neo4j\u201d, available at: https:\/\/neo4j.com\/developer\/graph-db-vs-rdbms\/#_from_relational_to_graph_databases"},{"issue":"12","key":"key2020092310185753100_ref025","first-page":"1721","article-title":"The modelling of a digital forensic readiness approach for wireless local area networks","volume":"18","year":"2012","journal-title":"Journal of Universal Computer Science"},{"key":"key2020092310185753100_ref026","unstructured":"OSSEC (2018), \u201cOpen source HIDS SECurity\u201d, available at: www.ossec.net\/ (accessed 10 May 2018)."},{"key":"key2020092310185753100_ref027","unstructured":"Palmer, G. (2001), \u201cDTR - T001-01 technical report. A road map for digital forensic research\u201d, Utica, New York, NY, available at: www.dfrws.org\/2001\/dfrws-rm-final.pdf"},{"key":"key2020092310185753100_ref028","first-page":"181","article-title":"Information assurance and forensic readiness","year":"2010","journal-title":"Next Generation Society. Technological and Legal"},{"key":"key2020092310185753100_ref029","unstructured":"Pomenon Institute (2015), \u201cThe importance of cyber threat intelligence to a strong security posture\u201d, available at: www.webroot.com\/shared\/pdf\/CyberThreatIntelligenceReport2015.pdf%5Cnhttps:\/\/www.webroot.com\/shared\/pdf\/CyberThreatIntelligenceReport2015.pdf"},{"issue":"7","key":"key2020092310185753100_ref030","first-page":"701","article-title":"Big forensic data management in heterogeneous distributed systems: quick analysis of multimedia forensic data","volume":"39","year":"2016","journal-title":"Software: Practice and Experience"},{"key":"key2020092310185753100_ref031","first-page":"73","article-title":"The architecture of a digital forensic readiness management system","volume-title":"Computers and Security","year":"2013"},{"issue":"3","key":"key2020092310185753100_ref032","first-page":"1","article-title":"A ten step process for forensic readiness","volume":"2","year":"2004","journal-title":"International Journal of Digital Evidence"},{"key":"key2020092310185753100_ref033","first-page":"837","article-title":"Threat intelligence sharing platforms: An exploratory study of software vendors and research perspectives","year":"2017"},{"issue":"2","key":"key2020092310185753100_ref034","doi-asserted-by":"crossref","first-page":"57","DOI":"10.4018\/IJSS.2017070105","article-title":"A Socio-Technical perspective on threat intelligence informed digital forensic readiness","volume":"4","year":"2017","journal-title":"International Journal of Systems and Society"},{"key":"key2020092310185753100_ref035","first-page":"3","article-title":"A system for the proactive, continuous, and efficient collection of digital forensic evidence","volume-title":"Digital Investigation","year":"2011"},{"issue":"3","key":"key2020092310185753100_ref036","doi-asserted-by":"crossref","first-page":"19","DOI":"10.4018\/jdcf.2011070102","article-title":"Requirements for a forensically ready cloud storage service","volume":"3","year":"2011","journal-title":"International Journal of Digital Crime and Forensics"},{"key":"key2020092310185753100_ref037","unstructured":"Stratosphere Lab (2015), \u201cStratosphere datasets\u201d, available at: www.stratosphereips.org\/ (accessed 10 August 2018)."},{"key":"key2020092310185753100_ref038","doi-asserted-by":"crossref","unstructured":"Symantec (2010), \u201cTrojan.Zbot\u201d, available at: www.symantec.com\/security-center\/writeup\/2010-011016-3514-99 (accessed 20 October 2018).","DOI":"10.1016\/S1361-3723(10)70136-6"},{"key":"key2020092310185753100_ref039","unstructured":"Tan, J. (2001), \u201cForensic Readiness\u201d, available at: https:\/\/isis.poly.edu\/kulesh\/forensics\/forensic_readiness.pdf, Cambridge, MA 02139 USA."},{"issue":"September","key":"key2020092310185753100_ref040","first-page":"212","article-title":"A survey on technical threat intelligence in the age of sophisticated cyber attacks","volume":"72","year":"2018","journal-title":"Computers and Security, Elsevier Ltd"},{"key":"key2020092310185753100_ref041","unstructured":"Verizon (2018), \u201c2018 Data breach investigations report\u201d, available at: www.verizonenterprise.com\/resources\/reports\/rp_DBIR_2018_Report_execsummary_en_xg.pdf"},{"key":"key2020092310185753100_ref042","article-title":"Big data analytics for sophisticated attack detection","volume":"3","year":"2014","journal-title":"ISACA Journal"},{"key":"key2020092310185753100_ref043","unstructured":"Wigmore, I. (2015), \u201cWhat is threat intelligence\u201d, available at: https:\/\/whatis.techtarget.com\/definition\/threat-intelligence-cyber-threat-intelligence (accessed 7 July 2018)."}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-09-2018-0110\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-09-2018-0110\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:12Z","timestamp":1753406592000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/27\/2\/273-291\/106599"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,6,12]]},"references-count":43,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,6,12]]}},"alternative-id":["10.1108\/ICS-09-2018-0110"],"URL":"https:\/\/doi.org\/10.1108\/ics-09-2018-0110","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"value":"2056-4961","type":"print"},{"value":"2056-4961","type":"print"}],"subject":[],"published":{"date-parts":[[2019,6,12]]}}}