Abstract
Disclosed is a cyber black box system including: a data collection unit which collects total packet data, flow data, and portable executable (PE) files from monitored network traffic; and a server which analyzes the cause of a cyber security incident based on the collected total packet data, flow data, and PE files and reproduces the cyber security incident. The present invention provides a cyber black box system, and a method thereof, which can quickly analyze the cause of a security incident and can collect evidence data for the security incident.