Artificial Intelligence in Digital Forensics: Prospects and Problem Areas
The increasing frequency and ever-evolving sophistication of cyber-attacks are a digital forensics accountant’s nightmare. These attacks leave specialists with mountains of data to sift through, tools that quickly become obsolete, and shrinking time frames within which to complete their tasks.
Artificial intelligence (AI) promises to provide forensic analysts with much-needed assistance, and early results are promising. But are there drawbacks to adopting this technology as well?
The Challenges for Digital Forensics
First, let’s take a close look at the field of digital forensics itself and see what obstacles stand in the way of digital analysts.
The first challenge faced by digital forensics is that end-users have an ever-increasing amount of storage capacity available to them. Storage devices are everywhere, especially with connected electronic gadgets flooding the marketplace. This proliferation is a source of concern because the sheer volume of data that can be stored can overwhelm data analysts.
The next challenge for digital forensics has to do not only with the increasing volume of cyber-attacks but more so with their evolving sophistication. Unfortunately, most of the tools and methods available to forensics analysts have not been able to keep pace with the continuous evolution and improvement of the attacks.
The third challenge, and perhaps an excellent example of how attackers have successfully adapted to their evolving environment, is the emergence of distributed systems. Distributed environments intensify cyber-attacks and make it possible for malicious actors to develop even more elegant approaches.
To address these, we have to apply rigorous logical procedures on large amounts of data to discover patterns and anomalies. And we need to accomplish this in a reasonable amount of time. The massive data processing requirement is beyond the capability of conventional approaches, and so we look to AI for assistance.
How Can AI Help?
Following are some of the areas where AI can prove its usefulness to forensic analysts. This list is neither complete nor comprehensive, but it suggests where AI could make a significant impact.
AI is a broad technology built on many critical components. Arguably, one of the most important of these for digital forensics is knowledge representation (KR). KR is the process of reducing intricate human knowledge into a set of rules, called ontologies, that computers can use.
In recent years the focus has been to build ontologies that different applications and systems can share. Practitioners can then standardize the information in this field. Standardized methods make it possible to share forensic data with multinational entities working on a case. Standardization is a critical first step in building reusable repositories for techniques and procedures. Analysts can use these archived tools to test the AI’s performance and develop better solutions to keep up with sophisticated attacks.
Expert systems are another AI feature that helps digital forensics. These explain the reasoning behind the processes used and the conclusions obtained. The ability to clarify the methodology lets a third party objectively analyze and criticize the process and the logic used. It exposes any flaws in how the conclusions were derived.
Expert systems also speed up data analysis. The quicker analysis helps analysts cope with the challenge of dealing with enormous volumes of data.
Pattern recognition helps analysts spot and identify data clusters. This AI feature is useful in determining the contents of a picture, detecting spam email messages and recognizing regions of hard drives that could contain questionable files. Similarly, a field of AI referred to as “knowledge discovery” is often paired with the intensive computational techniques of data mining. This combination allows analysts to spot relevant patterns in enormous collections of data.
Where Does AI Fall Short?
AI promises to make digital forensics more robust, capable, and able to adapt to changing situations. But it still needs to overcome many hurdles.
Changes in knowledge representation
For starters, knowledge representation continues to be a grand challenge for analysts. Computer forensics knowledge is essentially a “closed world”. If a particular piece of information is not within the ontology, for whatever reason, then it isn’t considered during the investigation. Missing vital information is a serious issue, especially in the lightning-paced field of computing because it can skew results and generate inaccurate conclusions. The obvious remedy is to add new pieces of knowledge. However, rebuilding the knowledge base may be a time-consuming process.
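The two points above, an expert system that can explain how it reached a conclusion, and the closed-world behaviour of a knowledge base that silently ignores facts it has no rule for, can be shown with a small forward-chaining rule engine. The block below is an added illustration written for this article, not code from any forensic tool; the rule names (R1 to R3), the fact labels and the sample timeline are all constructed for the example.

```python
"""Toy forward-chaining expert system over forensic facts, with an explanation trace.

Constructed example: the rules and fact labels are hypothetical and stand in for
an ontology a real forensic expert system would load.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    conditions: tuple  # every condition must be in the known fact set
    conclusion: str


# Hypothetical knowledge base: a chain of rules from raw observations to a finding.
RULES = (
    Rule("R1", ("login_failures_burst", "login_success_same_host"), "credential_bruteforce"),
    Rule("R2", ("credential_bruteforce", "new_scheduled_task"), "persistence_established"),
    Rule("R3", ("persistence_established", "outbound_large_transfer"), "data_exfiltration_suspected"),
)

# Constructed investigation timeline. "usb_device_inserted" is deliberately a fact
# that no rule in RULES mentions, to show the closed-world effect.
SAMPLE_FACTS = (
    "login_failures_burst",
    "login_success_same_host",
    "new_scheduled_task",
    "outbound_large_transfer",
    "usb_device_inserted",
)


def infer(facts, rules=RULES):
    """Fire rules until no new conclusion appears; record each firing for explanation."""
    known = set(facts)
    trace = []  # (rule name, conditions used, conclusion derived), in firing order
    changed = True
    while changed:
        changed = False
        for rule in rules:
            if rule.conclusion in known:
                continue
            if all(cond in known for cond in rule.conditions):
                known.add(rule.conclusion)
                trace.append((rule.name, rule.conditions, rule.conclusion))
                changed = True
    return known, trace


def explain(trace):
    """Render the trace so a third party can audit each inference step."""
    return [f"{name}: {' AND '.join(conds)} => {concl}" for name, conds, concl in trace]


def unused_facts(facts, rules=RULES):
    """Facts the knowledge base has no vocabulary for: under the closed-world
    assumption they contribute nothing to the conclusions, without any warning."""
    vocabulary = set()
    for rule in rules:
        vocabulary.update(rule.conditions)
        vocabulary.add(rule.conclusion)
    return sorted(set(facts) - vocabulary)


if __name__ == "__main__":
    conclusions, trace = infer(SAMPLE_FACTS)
    for line in explain(trace):
        print(line)
    print("Ignored (not in ontology):", unused_facts(SAMPLE_FACTS))
```

Running the block prints the three inference steps in order and then lists `usb_device_inserted` as ignored. That last line is the practical check an analyst wants: a fact the ontology cannot express never reaches the conclusion, so any result should be reviewed together with the list of evidence the system could not use.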
Limits of AI systems
Expert systems are handy for guiding analysts through procedures, as well as for automating processes. But they do not cope well with large amounts of data. Pattern recognition systems, on the other hand, are suited to large-scale data processing. Combining these with expert systems could help improve performance.
However, pattern recognition solutions tend to generate large amounts of false positives and false negatives. They are also computationally intensive and could place a burden on an organization’s computing resources.
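The false positive and false negative problem, and the earlier point about pattern recognition flagging regions of a drive that may hold questionable files, can be made concrete with one common heuristic: a high byte-entropy region is treated as a candidate for packed or encrypted content. The block below is an added example for this article, not code from any product; the four samples and their ground-truth labels are constructed so that the run produces one true positive, one false positive, one false negative and one true negative.

```python
"""Entropy-based pattern detector over constructed samples, scored against ground truth.

Constructed example: the samples, their labels and the 6.0 bits/byte threshold are
chosen for illustration, not taken from a real case.
"""
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 0.0 for uniform content, 8.0 for a perfectly flat byte histogram."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flag_suspicious(data: bytes, threshold: float = 6.0) -> bool:
    """The pattern rule: anything at or above the threshold is flagged."""
    return shannon_entropy(data) >= threshold


def pseudo_random_bytes(label: str, blocks: int = 32) -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) so the example runs offline."""
    return b"".join(hashlib.sha256(f"{label}:{i}".encode()).digest() for i in range(blocks))


# (name, content, actually_malicious) -- constructed ground truth for the example.
SAMPLES = (
    ("readme.txt", b"The quick brown fox jumps over the lazy dog. " * 20, False),
    ("backup.zip", bytes(range(256)) * 4, False),          # legitimate compressed data
    ("dropper.bin", pseudo_random_bytes("dropper"), True),  # packed payload, high entropy
    ("macro.vbs", b"Sub AutoOpen()\n    Call Run\nEnd Sub\n" * 3, True),  # textual, low entropy
)


def evaluate(samples=SAMPLES, threshold: float = 6.0) -> dict:
    """Confusion matrix plus precision and recall for the detector at this threshold."""
    tp = fp = fn = tn = 0
    for _name, content, malicious in samples:
        flagged = flag_suspicious(content, threshold)
        if flagged and malicious:
            tp += 1
        elif flagged and not malicious:
            fp += 1
        elif not flagged and malicious:
            fn += 1
        else:
            tn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return {"tp": tp, "fp": fp, "fn": fn, "tn": tn, "precision": precision, "recall": recall}


if __name__ == "__main__":
    for name, content, malicious in SAMPLES:
        print(f"{name:12s} entropy={shannon_entropy(content):.2f} "
              f"flagged={flag_suspicious(content)} malicious={malicious}")
    print(evaluate())
```

The compressed archive is flagged although it is benign (false positive) and the low-entropy script is missed although it is malicious (false negative), which is exactly the trade-off the paragraph describes: a single pattern rule has no way to tell legitimate high-entropy data from packed payloads, and it cannot see threats that do not match the pattern at all. The `evaluate` function is the kind of measurement to keep in front of analysts when a detector is tuned, since moving the threshold trades one error type for the other.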
AI certainly holds great promise for digital forensics. It can provide much-needed capabilities and support for processing ever-growing volumes of data. We have shown a few examples here of how these two fields can synergize, but these barely scratch the surface of what is possible. However, AI development is still in its early stages, and much more work is required for this field to mature and find stability.
About the Author
Alexandre Francois is a serial entrepreneur and tech enthusiast who believes that knowledge about innovations and emerging technologies should be easily understandable and available to everyone. Walking the talk, he is also the publishing director of Techslang — a tech awareness resource where cybersecurity and IT are explained in plain English.