Factors Contributing to Performance for Cyber Security Forensic Analysis
Previously, the current authors (Hopkins et al. 2015) described research in which subjects who were provided a tool that facilitated their construction of a narrative account of events performed better in conducting cyber security forensic analysis. The narrative tool offered several distinct features. In the current paper, an analysis is reported that considered which features of the tool contributed to superior performance. This analysis revealed two features that accounted for a statistically significant portion of the variance in performance. The first feature provided a mechanism for subjects to identify suspected perpetrators of the crimes and their motives. The second feature involved the ability to create an annotated visuospatial diagram of clues regarding the crimes and their relationships to one another. Based on these results, guidance may be provided for the development of software tools meant to aid cyber security professionals in conducting forensic analysis.
Keywords: Cyber security, Forensic analysis, Decision making, Narratives
Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corporation, for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000. (SAND2014-2123 C)
- Burning Glass: Job market intelligence: report on the growth of cyber security jobs (2014). http://www.burning-glass.com/media/4187/Burning%20Glass%20Report%20on%20Cybersecurity%20Jobs.pdf
- Hopkins, S.E., Silva, A., Wilson, A., Forsythe, C.: Facilitation of forensic analysis using a narrative template. In: Proceedings of the Applied Human Factors and Ergonomics Conference, Las Vegas, NV (2015)