Title

Review of Ransomware Attacks and a Data Recovery Framework using Autopsy Digital Forensics Platform

Presentation Type

Poster

Faculty Advisor

Bharath Kumar Samanthula

Access Type

Event

Start Date

26-4-2023 12:30 PM

End Date

26-4-2023 1:30 PM

Description

The exponential growth of digital technologies and data communication has resulted in a significant increase in cyberattacks over the last ten years. Ransomware has emerged as a major global issue among these threats. Typically, this type of attack encrypts files on a target computer and demands payment in exchange for data recovery. Nevertheless, paying the ransom does not ensure the return of data. Therefore, it is essential to develop effective data recovery strategies to combat the ransomware threat. The aim of this research project is to investigate various types of ransomware and their characteristics, and to propose a new framework for detecting and recovering data from infected files. To achieve this aim, we conducted an extensive literature review on ransomware attacks and data recovery methods. Additionally, we analyzed the behavior of the infamous WannaCry malware and executed it on a Windows virtual machine to study its features. Digital forensics was performed using the Autopsy tool to recover data infected with WannaCry. Based on our findings, we developed a novel framework that can efficiently detect and recover data from ransomware attacks. The practicality of the framework was demonstrated by recovering WannaCry-infected data using digital forensics. The results of this study have significant implications for developing viable data recovery solutions to address the growing ransomware threat. In conclusion, our research highlights the urgent need to establish data recovery techniques that can mitigate the effects of ransomware attacks and safeguard vital data.

This document is currently not available here.
