Actionable threat intelligence for digital forensics readiness

Journal

INFORMATION AND COMPUTER SECURITY
Volume 27, Issue 2, Pages 273-291

Publisher

EMERALD GROUP PUBLISHING LTD
DOI: 10.1108/ICS-09-2018-0110

Keywords

Information security; Cybersecurity; Cyber threat intelligence; Digital forensic readiness; Digital forensics; Indicators of compromise

Purpose: The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing digital forensic readiness (DFR) schemes by leveraging the capabilities of cyber threat information sharing.

Design/methodology/approach: This paper uses a quantitative methodology to identify the most popular cyber threat intelligence (CTI) elements and introduces a lightweight approach to correlate those with potential forensic value, resulting in the quick and accurate triaging and identification of patterns of malicious activities.

Findings: While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics (DF) domain.

Originality/value: The proposed model can help organizations to improve their DFR posture, and thus minimize the time and cost of cybercrime incidents.
