
Linux Incident Response Volatile Data Analysis Framework

Posted on: 2014-11-20
Degree: D.C.S
Type: Dissertation
University: Colorado Technical University
Candidate: McFadden, Matthew
Full Text: PDF
GTID: 1458390008461151
Subject: Information Technology
Abstract/Summary:
Cyber incident response has become a central concern in cybersecurity and information technology as the need to protect data grows. Ongoing threats pose many challenges and call for new investigative response techniques. This study designs a Linux Incident Response Framework for collecting volatile data during incident response in cybercrime investigations. The theoretical model lets a forensic or intrusion investigator carry out an incident response and supports volatile data collection for triage analysis during an investigation. The methodology and framework, together with its accompanying program, are called LinuxIR. LinuxIR was found to be an effective tool for investigators performing incident response: it gathers volatile data, supports analysis in cybercrime investigations, and collects substantial information relevant to detecting malicious indicators for investigative analysis. The framework was found to preserve evidence and to leave a minimal digital footprint, attributed to the speed of execution, the small memory footprint, the physical size of the program, and its small number of lines of code. LinuxIR worked effectively on every Linux distribution it was validated against: Ubuntu, Debian, Mageia, Mint, and Fedora. Finally, the framework was easy to use, flexible, and required minimal interaction by the responder to collect data for investigative analysis.

Keywords: Incident Response, Forensics, Volatile Data Collection, Forensic Analysis, Linux, Response Methodology, Malware Analysis, Linux Forensics, Network Intrusions, Cybercrime Investigations, Triage Analysis, Forensics Framework.
Keywords/Search Tags: Response, Volatile data, Framework, Linux, Cybercrime investigations, Forensics
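The volatile-data collection the abstract describes, as an added example written for this page; it is not the dissertation's LinuxIR program, whose source is not on the page. It assumes a Linux host with /proc mounted and, for the address decoding, a little-endian CPU; the function names, the output file layout and the constructed /proc/net/tcp line used below are this example's own.

```shell
#!/bin/sh
# Added example (not the dissertation's LinuxIR code): a minimal volatile-data
# collector for Linux in the same spirit. It reads /proc directly instead of
# calling on-disk utilities such as ps, ss or lsmod, so a replaced userland
# binary cannot shape the output, and it writes a SHA-256 manifest so the
# collected files can later be shown to be unaltered. Function names and the
# output layout are this example's own choices.

# Print "sha256  filename"; prefer coreutils sha256sum, fall back to shasum.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi
}

# Read one field (PPid, Uid, State, Name, ...) from /proc/PID/status.
# Never fails, so a process that exits mid-collection does not abort the run.
status_field() {
    sed -n "s/^$2:[[:space:]]*//p" "$1/status" 2>/dev/null || :
}

# Enumerate processes from /proc: PID, PPID, real UID, state, name, command line.
list_processes() {
    printf 'pid\tppid\tuid\tstate\tname\tcmdline\n'
    for d in /proc/[0-9]*; do
        [ -r "$d/status" ] || continue
        pid=${d#/proc/}
        ppid=$(status_field "$d" PPid)
        uid=$(status_field "$d" Uid | cut -f1)                 # first value is the real UID
        state=$(status_field "$d" State)
        name=$(status_field "$d" Name)
        cmd=$(tr '\0' ' ' < "$d/cmdline" 2>/dev/null || :)    # argv is NUL-separated
        printf '%s\t%s\t%s\t%s\t%s\t%s\n' "$pid" "$ppid" "$uid" "$state" "$name" "$cmd"
    done
}

# Decode /proc/net/tcp (read from stdin) into local, remote, state, uid, inode.
# Addresses and ports are hex; on little-endian hosts the four IPv4 bytes
# appear in reversed order, which is what ip4() undoes.
decode_tcp4() {
    awk '
    function hex(s,   i, v) {
        v = 0
        for (i = 1; i <= length(s); i++)
            v = v * 16 + index("0123456789ABCDEF", toupper(substr(s, i, 1))) - 1
        return v
    }
    function ip4(h) {
        return hex(substr(h, 7, 2)) "." hex(substr(h, 5, 2)) "." hex(substr(h, 3, 2)) "." hex(substr(h, 1, 2))
    }
    BEGIN {
        # kernel TCP state codes as shown in /proc/net/tcp: 01 = ESTABLISHED ... 0B = CLOSING
        split("ESTABLISHED SYN_SENT SYN_RECV FIN_WAIT1 FIN_WAIT2 TIME_WAIT CLOSE CLOSE_WAIT LAST_ACK LISTEN CLOSING", st, " ")
    }
    NR > 1 {
        split($2, l, ":"); split($3, r, ":")
        s = (hex($4) in st) ? st[hex($4)] : $4
        printf "%s:%d\t%s:%d\t%s\tuid=%s\tinode=%s\n", ip4(l[1]), hex(l[2]), ip4(r[1]), hex(r[2]), s, $8, $10
    }'
}

# Collect into OUTDIR, most volatile first (network state, processes), then
# system, modules and mounts; the manifest is written last so it covers everything.
collect_volatile() {
    out=$1
    mkdir -p "$out"
    if [ -r /proc/net/tcp ]; then decode_tcp4 < /proc/net/tcp > "$out/net_tcp4.txt"; fi
    list_processes > "$out/processes.txt"
    { uname -a; date -u +%Y-%m-%dT%H:%M:%SZ; cat /proc/uptime 2>/dev/null || :; } > "$out/system.txt"
    cat /proc/modules > "$out/modules.txt" 2>/dev/null || :
    cat /proc/mounts > "$out/mounts.txt" 2>/dev/null || :
    (cd "$out" && for f in *.txt; do hash_file "$f"; done) > "$out/MANIFEST.sha256"
}

# Recompute the hashes and compare with the manifest; exit status 0 means unaltered.
verify_manifest() {
    (cd "$1" && for f in *.txt; do hash_file "$f"; done) | cmp -s - "$1/MANIFEST.sha256"
}

# Usage: sh collect.sh /mnt/evidence/host1   (run as root to see every process)
if [ "${1:-}" ]; then
    collect_volatile "$1" && verify_manifest "$1" && echo "collected into $1, manifest verified"
fi
```

Run it as root so every process's status and cmdline are readable, and write to removable or network storage rather than the suspect disk. Reading /proc instead of invoking ps or ss is a familiar precaution against trojaned binaries, but it is not a defence against a kernel-level rootkit that hides entries from /proc itself; comparing this output against a separate memory image is the usual cross-check. The manifest is what lets a later examiner show the collected files were not altered after acquisition, which is the evidence-preservation property the abstract claims for LinuxIR.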