Process mining, a new tool to help against ransomware?

Track: Technical
Technical level
Time: 13:00

The amount of data is growing by the day, and processing it requires more and more time and labor. IT forensics departments are also starting to notice this: manually processing data to find answers is slow and labor-intensive. So a natural question arose: how can this be done more efficiently? The purpose of this research is to determine whether data processing can be made more efficient by applying process mining. To this end, the research focused on the cyber security threat of ransomware.

A lot of data can be generated during a ransomware attack, and this data needs to be analyzed to gain insight. For this research the following question was formulated: To what extent can process mining be used within IT forensics, focused on a ransomware threat? To answer the research question, several studies were conducted in which crucial points were examined; this research formed the foundation for the practical test.

For the practical test, the possibilities of process mining were examined using data from an environment in which ransomware had been released. From the results of the practical test, combined with the answers from the previous studies, it could be concluded that process mining made it possible to create an overview in which, for example, similarities and deviations could be easily recognized, the starting point could be traced back, and behavior patterns became visible without much invested time or intensive labor. This shows that process mining can be applied to IT forensics with successful results.

Speakers in this session
IT-Auditor, Joanknecht