Forensics and Attribution

Forensics and Attribution focuses on investigating cyber incidents and identifying the actors responsible for them. When cyberattacks occur, investigators must analyze digital evidence to understand how an intrusion happened, what systems were affected, and who may be behind the activity. This work is essential for responding to incidents, improving defenses, and supporting legal or policy actions.

Research in this area develops methods and tools for collecting, analyzing, and interpreting digital evidence across networks, devices, and online platforms. Faculty and students study topics such as malware analysis, network forensics, threat intelligence, and techniques for linking malicious activity to specific groups or operations. By advancing the science of cyber investigation and attribution, researchers help organizations and governments better understand cyber threats and respond more effectively.