Bringing Visual Clarity to Cyber Threats: How TUBS’ Forensics Visualization Toolkit Can Support MEDIATE
One of the key strengths of the MEDIATE project lies in its integration of advanced tools and expertise from across its consortium. Among these, the Technische Universität Braunschweig (TUBS) will seek to contribute its Forensics Visualization Toolkit (FVT), a powerful solution developed for digital forensic investigations and cybersecurity analysis.
Within MEDIATE, FVT can enhance the ability to interpret complex cyber incidents by providing intuitive visualisations, timeline reconstructions, and correlation of multi-source evidence across supply chain environments. This capability is especially valuable in use cases like port operations or smart warehousing, where operators must quickly assess security events and understand their impact. Integrated with MEDIATE’s threat detection and decision support workflows, FVT can support faster, more informed responses while aligning with the project’s focus on privacy-preserving and federated analysis.
🔍 Threat Analysis & Forensics
Post-incident investigations: FVT can support the analysis of security incidents detected by MEDIATE’s AI-driven components by visualising timelines of events and correlations between activities across the supply chain.
Timeline reconstruction: It can reconstruct attack sequences from logs and telemetry collected from IoT, edge, and cloud systems in use-case environments (e.g. port or warehouse systems).
Evidence correlation: Helps cybersecurity analysts in MEDIATE explore multi-source evidence, such as anomaly reports, alerts, and sensor data, and identify attack patterns or suspicious behaviour faster.
📊 Risk Awareness & Decision Support
Operator support: By offering intuitive visual interfaces, FVT can improve the situational awareness of operators, making it easier to interpret complex incidents or assess the impact of threats.
Supports DSS: FVT can be integrated into MEDIATE’s Decision Support System (DSS) to provide graphical summaries and justifications for recommended countermeasures, especially useful in multi-actor environments.
🔐 Federated & Privacy-Aware Investigations
In line with MEDIATE’s privacy-preserving approach, FVT can support distributed forensic analysis under controlled access policies — enabling insights without violating data locality or sovereignty rules in federated systems.
🧩 Where it fits in MEDIATE
WP5 (Architecture and Platform Integration): FVT can be integrated into the platform as a component for forensic visualisation.
WP4 (Threat Detection and Analysis): It can serve as a back-end analyst tool for correlating threat models with real-world incidents.
Use-case validation (WP6): In pilots like Sea Freight Operations, FVT can support post-event reviews or incident simulation validation.