Immersive Forensic Workbench R&D
Building on the research and advancements of the Immersive Grid, we tightened our focus on exploring security events in detail and their connections between assets. In our study, we noticed the impressive amount of cognitive overhead an analyst manages during their investigations. We sought to improve on their existing techniques, built around browser tabs and spreadsheets, by relieving them of this overhead so they could focus even more intently and move faster.
An Object-based 3D Workbench
Digging deeper into investigations and the elements that comprise an event, we explored an object-based forensic workbench concept. Dubbed Workflow, the idea enables an analyst to deeply examine each aspect of an event while seeing that event's relationship to other events across a network.
ONE COMPONENT OF AN OVERALL ECOSYSTEM
Just as we discovered each display device had its advantages, we also realized each Immersive experience offered its own. A global Network City View provides network-wide monitoring, Advanced Workflow lets the analyst drill down, and Relationship Data Visualization shows how everything is connected, all tied into a traditional SOC desktop environment.
BUILDING THE EVENT OBJECT MODEL WORKBENCH
Working at a deeper level of the data model, that of the individual security event, we advanced our object-based vocabulary, focusing on assets, events, observations, and the connections between them. Below is an exploration of the object relationships and hierarchies that evolved into the workbench experience.
Spatial organization and reasoning
DATA AS OBJECTS
We explored organizing events, assets, and connections in a three-dimensional workspace where details and context were exposed on command. Groups of objects were organized into "stadiums" where each asset could be observed from the user's location. Connections between events and assets were shown across the netwo
DEPLOYED IN WEBXR
Having developed prototypes in Unreal Engine and Unity, we looked to a universal solution that could be deployed on a portable headset and, eventually, AR headsets. Designing within significant performance constraints focused our work on user-critical data and interactions. Below is a video of the Workflow WebXR prototype, built on actual network data and running wirelessly on the Oculus Quest.