ABSTRACT
The ability to examine large amounts of data in a timely manner in search of important evidence during crime investigations is essential to the success of computer forensic examinations. Limitations in time and resources, both computational and human, have a negative impact on the results obtained. Thus, better use of the available resources is necessary, beyond the capabilities of currently used forensic tools. Herein, we describe the use of Artificial Intelligence in computer forensics through the development of a multiagent system and case-based reasoning. This system is composed of specialized intelligent agents that act based on the experts' knowledge of the technical domain. Their goal is to analyze and correlate the data contained in the evidence of an investigation and, based on their expertise, present the most interesting evidence to the human examiner, thus reducing the amount of data to be personally analyzed. The correlation feature helps to find links between pieces of evidence that can easily be overlooked by a human expert, especially given the amount of data involved. This system has been tested using real data, and the results were very positive when compared to those obtained by the human expert alone performing the same analysis.
Index Terms
- Artificial intelligence applied to computer forensics