The analyst mindset : a cognitive skills assessment of digital forensic analysts.

dc.contributor.advisor: Cooper, Sandra Bennett.
dc.creator: Sanders, Chris (Christopher Dean), 1986-
dc.date.accessioned: 2022-01-28T14:48:52Z
dc.date.available: 2022-01-28T14:48:52Z
dc.date.created: 2021-12
dc.date.issued: 2021-09-24
dc.date.submitted: December 2021
dc.date.updated: 2022-01-28T14:48:53Z
dc.description.abstract: Despite significant investment in cyber security, the industry is unable to stem the tide of damaging attacks against computer networks. This unfortunate situation is, in part, because cyber security exists in a state of cognitive crisis defined by tacit knowledge and poorly understood processes. At the heart of the crisis are digital forensic analysts that identify and investigate intrusions. Unfortunately, even skilled analysts in these roles are often unable to explain how they go about the process of finding intruders and assessing their foothold on a network. Without this knowledge, professional and academic educators are unable to build a standardized industry-accepted curriculum for the identification and training of new analysts. While there have been some attempts to inventory the skills, processes, and knowledge required to serve in the digital forensic analyst role, no current efforts provide a thorough, research-backed accounting of the profession with consideration for cognitive skill elements. This problem of practice study details a cognitive skills assessment of the digital forensic analyst profession by leveraging two Cognitive Task Analysis (CTA) research methods. The Simplified Precursor, Action, Result, Interpretation (PARI) method provided a framework for eliciting procedural skills, and the Critical Decision Method (CDM) supported the discovery of decision-making skills. Using these techniques, interviews conducted with expert analyst practitioners revealed four unique procedural skill categories, characteristics of two significant facets of analyst decision making, and numerous subcategory elements that describe additional dimensions of expert analyst performance. The results converged on a model of diagnostic inquiry that represents the relationships between how analysts formed investigative questions, interpreted evidence, assessed the disposition of events, and chose their next investigative actions.
These findings establish explicit knowledge that provides a foundational understanding of how skilled analysts perform investigations. They also lay new groundwork for cyber security’s emergence from its cognitive crisis, with implications for educators and practitioners alike.
dc.format.mimetype: application/pdf
dc.identifier.uri: https://hdl.handle.net/2104/11721
dc.language.iso: en
dc.rights.accessrights: Worldwide access
dc.subject: Digital forensics. Cognitive task analysis. Intrusion analysis. Computer forensics. Cyber security. Incident response. Cognitive task. Intrusion detection. Security operation center. SOC. Investigator. Analyst. CDM. PARI. Diagnostic inquiry. Digital evidence. Investigation theory. CSIRT. CERT.
dc.title: The analyst mindset : a cognitive skills assessment of digital forensic analysts.
dc.type: Thesis
dc.type.material: text
thesis.degree.department: Baylor University. Dept. of Curriculum & Instruction.
thesis.degree.grantor: Baylor University
thesis.degree.level: Doctoral
thesis.degree.name: Ed.D.

Files

Original bundle

Name: SANDERS-DISSERTATION-2021.pdf
Size: 1.22 MB
Format: Adobe Portable Document Format

Name: Sanders, Chris Thesis Copyright Availability Form.pdf
Size: 582.99 KB
Format: Adobe Portable Document Format

Name: Figure 1.1 - PLSclear Free of Charge licence [43559].pdf
Size: 270.84 KB
Format: Adobe Portable Document Format

Name: Figure 2.2 - Cooper.pdf
Size: 45.9 KB
Format: Adobe Portable Document Format

Name: Figure 3.2 - MIT.pdf
Size: 66.52 KB
Format: Adobe Portable Document Format

License bundle

Name: LICENSE.txt
Size: 1.96 KB
Format: Plain Text