Due to the increasing number of cyber attacks, there is a growing need for incident responders who are able to reconstruct events and assess the actual damage caused by an incident using Digital Forensics (DF). For this reason, DF datasets are crucial for education, training and tool testing. Currently, such datasets are available either as statically prepared images from one of the publicly available dataset repositories, or through a dataset generation framework that synthesises individually configurable datasets. In this article, we take the second approach and extend an established framework for our purposes. Our extension addresses both the target operating system and the framework traces left behind by the data generation framework itself. More specifically, we take the existing data synthesis framework ForTrace as a baseline and integrate our concept of a Linux module that performs (semi-)automatic attacks on Linux systems in order to create appropriate Indicators of Compromise (IoC) within the generated image. In doing so, we evaluate the suitability of Infrastructure as Code (IaC) for configuring vulnerable target systems and assess the effectiveness of our approach to avoiding undesirable artefacts caused by the data generation framework. To evaluate our framework extension, we generate synthetic datasets from two types of compromised systems as a proof of concept using our new approach, and then compare the traces actually generated with the traces expected for the respective scenario.