Steps for Improving Data Comprehension for Digital Security and Forensics

– Currently, there is an enormous need to better understand the underlying data being examined (or not examined) by intrusion and attack detection techniques. This lack of understanding leads to enormous amounts of extraneous information being collected, resulting in data sets in the gigabyte to terabyte range and creating scalability issues in terms of how to collect, collate, store, and analyze the collected data. Additionally, much of the available data with respect to the internal network is not yet being collected , resulting in enormous vulnerabilities, especially with respect to insider threat. This will exacerbate the scalability problem with the need to collect and collate the available information. In this paper, we discuss the fundamental issues relating to data collection and data comprehension. Additionally, we propose directions for improving attack analysis and the advantages of our modified data collection strategies.