An Integrated Digital Forensic Response To Ransomware Threats Leveraging CVE Exploits And Threat Intelligence

Authors

  • Sivaji Patingrao Patil, Dr. Kamesh V.N., Author

Keywords:

Ransomware, Digital Forensics, CVE Exploits, Threat Intelligence, Memory Analysis, Incident Response.

Abstract

Ransomware has become a major threat to safety, attacking both public and private sectors in increasingly complex ways. This research presents a complete digital forensic response system created to investigate and stop ransomware attacks, especially those that use well-known Common Vulnerabilities and Exposures (CVEs) like EternalBlue (CVE-2017-0144). The system combines memory forensics, disk imaging, network traffic analysis, and threat intelligence matching to quickly find ransomware attacks, analyse them in detail, and stop them from spreading. The suggested model uses open-source tools like Volatility, Autopsy, Wireshark, and YARA in a Kali Linux system to do multi-layered forensic investigations. The framework can find infection pathways, recover encrypted artefacts, extract in-memory encryption keys, and attribute threats based on behavioural patterns and Indicators of Compromise (IOCs). This is shown in real-world and simulated case studies, such as a WannaCry outbreak in a hospital network. The quantitative results show that the system was very good at finding threats (93.2%), getting rid of memory artefacts (92.5%), and recovering some data (up to 87.4%). In addition, the system helps with legal paperwork and with following foreign rules like GDPR and the Budapest Convention. This study offers a scalable and proactive way to fight modern ransomware threats by connecting technical forensics with strategic threat intelligence and legal readiness. The paper stresses how important it is to always be ready for forensic situations, especially in business settings where quick responses and keeping proof safe are important for keeping operations running smoothly and for legal action.

Published

2025-12-04