The vast majority of research in computer security is dedicated to the design of detection, protection, and prevention solutions. While these techniques play a critical role in increasing the security and privacy of our digital infrastructure, it is enough to look at the news to understand that it is not a matter of “if” our systems will be compromised, but only a matter of “when”. It is a well-known fact that there is no 100% secure system, and that there is no practical way to prevent attackers with enough resources from breaking into sensitive targets.
Therefore, we need to develop scientific techniques to analyze computer security incidents and compromised systems in a timely and precise manner. Unfortunately, the area of incident response has received very little research attention, and it is still largely considered an art more than a science because of its lack of a proper theoretical and scientific background. PREMIERE promotes a new generation of Digital Forensics and Incident Response (DFIR) techniques, introducing a solid scientific methodology to this often neglected field. To achieve this broad objective, the project focuses on three fundamental problems: the poor and often unproven reliability of current DFIR techniques, the increasing diversity of data sources that need to be analyzed, and the scarce availability of forensic information provided by software and systems.
To solve these problems, PREMIERE proposes a groundbreaking, proactive methodology to support forensic analysis by design. It also introduces new methods to systematically measure the limitations of current techniques and improve current DFIR solutions. The new techniques proposed by PREMIERE are evaluated on real-world scenarios taken from different domains, including embedded systems and the Internet of Things, distributed Internet services, and the emerging area of cyber-insurance. Together, they allow the project to build a holistic view of the incident analysis and response problem.