
DOI: 10.1145/1529282.1529471

Artificial intelligence applied to computer forensics

Published: 08 March 2009

Abstract

The ability to examine large amounts of data in a timely manner in search of important evidence during crime investigations is essential to the success of computer forensic examinations. Limitations in time and resources, both computational and human, have a negative impact on the results obtained. Thus, better use of the available resources is necessary, beyond the capabilities of the currently used forensic tools. Herein, we describe the use of Artificial Intelligence in computer forensics through the development of a multiagent system and case-based reasoning. This system is composed of specialized intelligent agents that act based on the experts' knowledge of the technical domain. Their goal is to analyze and correlate the data contained in the evidence of an investigation and, based on their expertise, present the most interesting evidence to the human examiner, thus reducing the amount of data to be personally analyzed. The correlation feature helps to find links between pieces of evidence that can easily be overlooked by a human expert, especially due to the amount of data involved. This system has been tested using real data, and the results were very positive when compared to those obtained by the human expert alone performing the same analysis.


Published In

SAC '09: Proceedings of the 2009 ACM symposium on Applied Computing
March 2009
2347 pages
ISBN: 9781605581668
DOI: 10.1145/1529282
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. JADE
  2. artificial intelligence
  3. computer forensics
  4. digital investigation
  5. multiagent systems

Qualifiers

  • Research-article

Conference

SAC09: The 2009 ACM Symposium on Applied Computing
March 8, 2009 - March 12, 2008
Hawaii, Honolulu

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Article Metrics

  • Downloads (Last 12 months): 81
  • Downloads (Last 6 weeks): 3

Reflects downloads up to 03 Jan 2025

Cited By

  • (2024) IoT forensics in ambient intelligence environments: Legal issues, research challenges and future directions. Journal of Ambient Intelligence and Smart Environments, 16:1 (73-110). DOI: 10.3233/AIS-220511. Online publication date: 14-Mar-2024
  • (2024) Impact of Artificial Intelligence in Digital Forensics: A Review Study. SSRN Electronic Journal. DOI: 10.2139/ssrn.4492420. Online publication date: 2024
  • (2024) FPGAA: A Multi-Feature Provenance Graph for the Accurate Alert System. IEEE Access, 12 (149617-149632). DOI: 10.1109/ACCESS.2024.3476680. Online publication date: 2024
  • (2024) Decision-making approach based on bipolar complex fuzzy Hamacher power aggregation operators for classifying computer forensics. International Journal of Intelligent Computing and Cybernetics. DOI: 10.1108/IJICC-08-2024-0410. Online publication date: 28-Nov-2024
  • (2024) Interobserver variation affects accuracy of inference in life history studies using cementochronology. Heliyon (e39887). DOI: 10.1016/j.heliyon.2024.e39887. Online publication date: Oct-2024
  • (2024) An Overview of Artificial Intelligence Applications in Cybersecurity Domains. Smart Trends in Computing and Communications (11-24). DOI: 10.1007/978-981-97-1326-4_2. Online publication date: 2-Jun-2024
  • (2024) Artificial Intelligence Perspective on Digital Forensics. Applying Artificial Intelligence in Cybersecurity Analytics and Cyber Threat Detection (33-44). DOI: 10.1002/9781394196470.ch3. Online publication date: 22-Mar-2024
  • (2023) A Guide to Digital Forensic “Theoretical to Software-Based Investigations”. Perspectives on Ethical Hacking and Penetration Testing (1-30). DOI: 10.4018/978-1-6684-8218-6.ch001. Online publication date: 30-Jun-2023
  • (2023) Toward Metaverse of everything: Opportunities, challenges, and future directions of the next generation of visual/virtual communications. Journal of Network and Computer Applications, 217 (103675). DOI: 10.1016/j.jnca.2023.103675. Online publication date: Aug-2023
  • (2022) Artificial Intelligence and Augmented Reality Technologies in Forensic Activity. Advances in Law Studies, 10:4 (66-70). DOI: 10.29039/2409-5087-2022-10-4-66-70. Online publication date: 27-Dec-2022
