Unified Cyber Investigation Platform with IoT-Based SOC Monitoring and Digital Footprint Analysis
  • Author(s): Prof. Fayaz Ahamed Shaikh; Pavan Kumar C K; Darshan K Revankar; Sagar Basappa Godachi
  • Paper ID: 1713109
  • Page: 1852-1856
  • Published Date: 25-12-2025
  • Published In: Iconic Research And Engineering Journals
  • Publisher: IRE Journals
  • e-ISSN: 2456-8880
  • Volume/Issue: Volume 9 Issue 6 December-2025
Abstract

Security Operations Centers (SOCs) form the backbone of modern enterprise cyber defense, continuously monitoring authentication activity, system behavior, and threat intelligence. Credential-based attacks such as brute-force login attempts, password spraying, and unauthorized access remain among the most effective and persistent intrusion techniques. While commercial SIEM platforms provide advanced analytics and correlation, they often suffer from delayed alerting, alert fatigue, and limited analyst attention. Furthermore, most SOC solutions lack tangible physical alerting mechanisms that can immediately draw human attention during active attack scenarios. This paper presents a Unified Cyber Investigation Platform that integrates Windows authentication monitoring, real-time SOC visualization, IoT-based physical alerting, and digital footprint analysis. Windows Security Event Logs are forwarded using NXLog to a Raspberry Pi-based monitoring node, where authentication events are analyzed using threshold-based, temporal, and behavior-aware detection models. Upon detection of suspicious activity, the platform triggers real-time dashboard alerts and GPIO-controlled physical buzzer notifications. Extensive architectural analysis, threat modeling, SOC workflow mapping, performance evaluation, and governance alignment demonstrate that the proposed platform improves situational awareness, reduces detection latency, and enhances response readiness. The platform is designed to be cost-effective, interpretable, and suitable for educational institutions, research laboratories, and small-to-medium enterprise environments. In addition, the system emphasizes explainable detection logic, allowing analysts to understand alert causes rather than relying on opaque black-box mechanisms. This feature is particularly valuable in academic environments and training-focused SOC simulations.

Keywords

Security Operations Center, IoT Security, Windows Authentication Logs, Brute-Force Detection, Digital Footprint Analysis, Raspberry Pi, Cyber Investigation

Citations

IRE Journals:
Prof. Fayaz Ahamed Shaikh, Pavan Kumar C K, Darshan K Revankar, Sagar Basappa Godachi "Unified Cyber Investigation Platform with IoT-Based SOC Monitoring and Digital Footprint Analysis" Iconic Research And Engineering Journals Volume 9 Issue 6 2025 Page 1852-1856 https://doi.org/10.64388/IREV9I6-1713109

IEEE:
Prof. Fayaz Ahamed Shaikh, Pavan Kumar C K, Darshan K Revankar, Sagar Basappa Godachi "Unified Cyber Investigation Platform with IoT-Based SOC Monitoring and Digital Footprint Analysis" Iconic Research And Engineering Journals, 9(6) https://doi.org/10.64388/IREV9I6-1713109