D4I-Digital forensics framework for reviewing and investigating cyber attacks

Author(s)

Athanasios Dimitriadis, Boonserm Kulvatunyou, Nenad Ivezic, Ioannis Mavridis

Abstract

Many companies have cited lack of cyber-security as the main barrier to Industrie 4.0 or digitalization. Security functions include protection, detection, response and investigation. Cyber-attack investigation is important because it supports the mitigation of damage and the maturing of future prevention approaches. Today, cyber-attack investigation leverages combinations of intelligent tools and digital forensics processes. Intelligent tools (such as YARA rules and Indicators of Compromise) are effective only when there is prior knowledge of the software and mechanisms used in the attack, i.e., they are not attack-agnostic. The effectiveness of these tools therefore declines as the share of never-seen-before software and mechanisms in an attack grows. Digital forensics processes do not suffer from this issue, but they lack the ability to provide in-depth support to a cyber-attack investigation, because the examination and analysis phases of those processes, where the actual investigation takes place, are not specified in sufficient detail. This paper proposes a framework for digital forensics investigation of cyber-attacks called D4I (Digital FORensics framework for Investigation of cyber-attacks in Industrie 4.0 or digitalization), focusing on enhancing the examination and analysis phases. The framework introduces two key properties. First, it proposes a categorization of digital artifacts and a mapping of those categories to the generalized steps of an attack, the Cyber Kill Chain. Second, it provides detailed steps for the examination and analysis phases. As a result, D4I provides a step-by-step way to investigate cyber-attacks that is not only attack-agnostic but also detailed enough for repeatable and effective investigation.
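The abstract's central contrast, indicator matching that only fires on previously known values versus artifact categorization mapped to Cyber Kill Chain phases that still places unknown artifacts in an attack timeline, can be shown on a small constructed case. The script below is an added example written for this page; it is not code from the D4I paper, and the artifact categories, the category-to-phase mapping, the indicator list and the sample records are all constructed assumptions that do not reproduce the paper's own categorization.

```python
"""Indicator matching vs. category-to-kill-chain mapping (added illustration).

All categories, phase assignments, indicators and sample artifacts below are
constructed for this example and are not taken from the D4I paper.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed artifact category -> Cyber Kill Chain phase mapping (illustrative).
CATEGORY_TO_PHASE: Dict[str, str] = {
    "email_attachment": "Delivery",
    "office_macro_exec": "Exploitation",
    "dropped_executable": "Installation",
    "persistence_entry": "Installation",
    "outbound_beacon": "Command and Control",
    "archive_staging": "Actions on Objectives",
}

# Assumed indicators known from an earlier case (constructed values).
KNOWN_IOCS: Dict[str, Dict[str, str]] = {
    "sha256": {"3f1a" * 16: "dropper hash from an earlier case"},
    "domain": {"update-check.example": "C2 domain from an earlier case"},
}


@dataclass
class Artifact:
    timestamp: str                 # ISO-8601 text, sorts chronologically
    category: str                  # key of CATEGORY_TO_PHASE
    source: str                    # where it was collected (constructed)
    indicators: Dict[str, str] = field(default_factory=dict)


def ioc_hits(artifact: Artifact) -> List[str]:
    """Labels of known indicators carried by this artifact; empty if none."""
    hits = []
    for kind, value in artifact.indicators.items():
        label = KNOWN_IOCS.get(kind, {}).get(value)
        if label is not None:
            hits.append(f"{kind}:{value[:12]} ({label})")
    return hits


def phase_of(artifact: Artifact) -> Optional[str]:
    """Kill chain phase implied by the artifact's category, independent of IoCs."""
    return CATEGORY_TO_PHASE.get(artifact.category)


def triage(artifacts: List[Artifact]) -> List[dict]:
    """Order artifacts in time and annotate each with IoC hits and phase."""
    rows = []
    for a in sorted(artifacts, key=lambda x: x.timestamp):
        rows.append({"timestamp": a.timestamp, "category": a.category,
                     "source": a.source, "phase": phase_of(a),
                     "ioc_hits": ioc_hits(a)})
    return rows


def coverage(rows: List[dict]) -> Dict[str, int]:
    """How many artifacts each approach could place in the investigation."""
    return {"total": len(rows),
            "ioc_matched": sum(1 for r in rows if r["ioc_hits"]),
            "phase_assigned": sum(1 for r in rows if r["phase"] is not None)}


def phase_sequence(rows: List[dict]) -> List[str]:
    """Distinct phases in chronological order, collapsing consecutive repeats."""
    seq: List[str] = []
    for r in rows:
        if r["phase"] and (not seq or seq[-1] != r["phase"]):
            seq.append(r["phase"])
    return seq


# Constructed sample artifacts; only the dropped executable carries a known IoC.
SAMPLE_ARTIFACTS = [
    Artifact("2019-11-04T08:02:11", "email_attachment", "mail gateway log",
             {"sha256": "9b7c" * 16, "filename": "invoice.docm"}),
    Artifact("2019-11-04T08:05:40", "office_macro_exec", "endpoint process log",
             {"parent": "WINWORD.EXE", "child": "powershell.exe"}),
    Artifact("2019-11-04T08:05:58", "dropped_executable", "file system timeline",
             {"sha256": "3f1a" * 16}),
    Artifact("2019-11-04T08:06:10", "persistence_entry", "registry hive",
             {"path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"}),
    Artifact("2019-11-04T08:07:02", "outbound_beacon", "proxy log",
             {"domain": "cdn-metrics.example"}),
    Artifact("2019-11-04T09:41:55", "archive_staging", "file system timeline",
             {"path": r"C:\Users\Public\out.7z"}),
]

if __name__ == "__main__":
    rows = triage(SAMPLE_ARTIFACTS)
    for r in rows:
        print(r["timestamp"], f"{r['phase']:<22}", r["category"], r["ioc_hits"] or "-")
    print(coverage(rows))
    print(" -> ".join(phase_sequence(rows)))
```

Run as a script it prints the timeline, the coverage counts and the reconstructed phase sequence. With these constructed inputs the indicator list places one of six artifacts, while the category mapping places all six and yields a Delivery through Actions on Objectives sequence; that gap is exactly what the abstract means by intelligent tools not being attack-agnostic.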
Journal

Array (Elsevier)

Keywords

Digital Forensics Framework, Artifacts Categorization and Mapping, Examination and Analysis, Digital Investigation, Smart Manufacturing, Digitalization, Industrie 4.0

Citation

Dimitriadis, A., Kulvatunyou, B., Ivezic, N. and Mavridis, I. (2019), D4I-Digital forensics framework for reviewing and investigating cyber attacks, Array (Elsevier), [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=929147 (Accessed April 25, 2024)
Created December 25, 2019, Updated June 24, 2021