Purpose
This capstone assignment requires you to synthesize the legal, ethical, and forensic knowledge acquired throughout this course. You will conduct thorough research on a modern adversary technique, analyze its real-world application based on threat intelligence, and propose effective forensic and mitigation strategies. This project will showcase your ability to analyze complex threats and contribute to proactive cybersecurity defense.
Associated Skills
- Cyber Threat Intelligence Analysis
- Digital Forensics and Incident Response (DFIR)
- Technical Research and Writing
- Mitigation Strategy Development
Instructions
Step 1: . Choose one specific Tactic, Technique, or Procedure (TTP) from the MITRE ATT&CK framework. Your selection should be based on a technique that has been prominently featured in recent cybersecurity advisories (i.e., within the last 6-12 months).
- Examples include T1055 (Process Injection), T1071 (Application Layer Protocol), T1486 (Data Encrypted for Impact), or another TTP of your choice
Step 2: Conduct Research. Gather information on your chosen TTP from authoritative sources. Your research must include:
- At least 3 recent cybersecurity advisories from sources like CISA, the FBI, or respected industry threat intelligence groups (e.g., Mandiant, CrowdStrike).
- Academic articles, peer-reviewed papers, and the official MITRE ATT&CK documentation.
- Analyze your findings and discuss how the Cyber Kill Chain steps relate to your selected advisories.
Step 3: Write the Research Paper. Compose a 58-page research paper that adheres to APA style and is organized with the following required sections:
- Introduction: Define your chosen TTP and establish its significance in the current threat landscape. Present a clear thesis statement about the TTP’s implications for digital forensics and incident response.
- Analysis of Emerging Trends: Discuss the broader trends in cybersecurity (e.g., fileless malware, living-off-the-land techniques, supply chain attacks) that have made this TTP more prevalent or effective.
- Technical Deep Dive on the TTP: Provide a detailed technical explanation of how the TTP works, including its common variations or sub-techniques. Analyze how it fits within the broader cyberattack lifecycle.
- Analysis of Recent Cybersecurity Advisories: Summarize the findings from the advisories you researched. Explain how threat actors have used this TTP in recent, real-world campaigns. Identify common Indicators of Compromise (IOCs) associated with the TTP.
- Implications for Digital Forensics: Analyze the specific challenges this TTP creates for forensic investigators. Discuss its impact on evidence collection and analysis across different domains (network, memory, and host).
- Recommendations and Mitigation Strategies: Propose specific, actionable recommendations for enhancing detection and mitigation. These should include technical controls, procedural changes for incident responders, and suggestions for improving forensic methodology.
- Additional Emerging Threats and Countermeasures in Cybersecurity: Summarize recent and concerning emerging threats and countermeasures including state of the art in ransomware and analysis and detection, social engineering attacks, and legal and ethical challenges in data protection and privacy.
- Conclusion: Summarize your key findings and reiterate the importance of adapting forensic methodologies to counter the evolution of this threat TTP.
Submission Guidelines / Criteria for Success
- Length: 58 pages (excluding title page and references)
- Formatting: Double-spaced, 12-point Times New Roman font, 1-inch margins
- Citations: APA format for all in-text citations and the final reference list.
- Source Requirements: A minimum of 5-8 credible sources, including the required cybersecurity advisories.
Evaluation Criteria
Your assignment will be evaluated based on the following rubric: