research-article

Artificial intelligence applied to computer forensics

Authors:
Bruno W. P. Hoelz

National Institute of Criminalistics Brasília, DF, Brazil

National Institute of Criminalistics Brasília, DF, Brazil
View Profile

,
Célia Ghedini Ralha

Brasilia University, Brasília, DF, Brazil

Brasilia University, Brasília, DF, Brazil
View Profile

,
Rajiv Geeverghese

Brasilia University, Brasília, DF, Brazil

Brasilia University, Brasília, DF, Brazil
View Profile

SAC '09: Proceedings of the 2009 ACM symposium on Applied ComputingMarch 2009Pages 883–888https://doi.org/10.1145/1529282.1529471

Published:08 March 2009Publication History

SAC '09: Proceedings of the 2009 ACM symposium on Applied Computing

Pages 883–888

ABSTRACT

To be able to examine large amounts of data in a timely manner in search of important evidence during crime investigations is essential to the success of computer forensic examinations. The limitations in time and resources, both computational and human, have a negative impact in the results obtained. Thus, better use of the resources available are necessary, beyond the capabilities of the currently used forensic tools. Herein, we describe the use of Artificial Intelligence in computer forensics through the development of a multiagent system and case-based reasoning. This system is composed of specialized intelligent agents that act based on the experts knowledge of the technical domain. Their goal is to analyze and correlate the data contained in the evidences of an investigation and based on its expertise, present the most interesting evidence to the human examiner, thus reducing the amount of data to be personally analyzed. The correlation feature helps to find links between evidences that can be easily overlooked by a human expert, specially due to the amount of data involved. This system has been tested using real data and the results were very positive when compared to those obtained by the human expert alone performing the same analysis.

References

Nicole Beebe and Jan Guynes Clark. A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation, 2(2): 147--167, 2005. Google ScholarDigital Library
Fabio Luigi Bellifemine, Giovanni Caire, and Dominic Greenwood. Developing Multi-Agent Systems with JADE. Wiley Series in Agent Technology, Sussex, England, 2007. ISBN 978-0-470-05747-6.Google Scholar
D. Bruschi and M. Monga. How to reuse knowledge about forensic investigations, 2004.Google Scholar
Andrew Case, Andrew Cristina, Lodovico Marziale, Golden G. Richard, and Vassil Roussev. Face: Automated digital evidence discovery and correlation. Digital Investigation, 5(Supplement 1):S65--S75, September 2008. Google ScholarDigital Library
Daniel D Corkill. Collaborating Software: Blackboard and Multi-Agent Systems & the Future. In Proceedings of the International Lisp Conference, New York, USA, October 2003.Google Scholar
Mark d'Inverno and Michael Luck. Understanding Agent Systems. Springer Series in Agent Technology, Berlin, Germany, 2^nd revised and extended edition, 2004. ISBN 3-540-40700-6. Google ScholarDigital Library
Simson L. Garfinkel. Forensic feature extraction and cross-drive analysis. Digital Investigation, 3S:S71--S81, 2006. Google ScholarDigital Library
Michael N. Huhns and Munindar P. Singh, editors. Readings in Agents. Morgan Kaufmann, San Francico, USA, 1998. ISBN 1-55860-495-2. Google ScholarDigital Library
Telecom Italia Lab (TILAB). Java Agent DEvelopment framework - JADE. Online. http://jade.tilab.comGoogle Scholar
V. Jagannathan, R. Dodhiawala, and L. S. Baum, editors. Blackboard Architectures and Applications. Academic Press, Orlando, FL, USA, 1989. Google ScholarDigital Library
George F. Luger. Artificial Intelligence: Structures and Strategies for Complex Problem Solving. Addison-Wesley, USA, 4^th edition, 2002. ISBN 0-201-64866-0. Google ScholarDigital Library
Steve Mead. Unique file identification in the national software reference library. Digital Investigation, 3(3): 138--150, 2006. Google ScholarDigital Library
H. Penny Nii. Blackboard systems, part one: The blackboard model of problem solving and the evolution of blackboard architectures. AI Magazine, 7(2): 38--53, 1986. Google ScholarDigital Library
S. Pinson and P. Moraïtis. An intelligent distributed system for strategic decision making. Group Decision and Negotiation, 6: 77--108, 1996.Google ScholarCross Ref
Vassil Roussev and Golden G. Richard III. Breaking the performance wall: The case for distributed digital forensics. In Digital Forensic Research Workshop - DFRWS, 2004.Google Scholar
Gong Ruibin and Mathias Gaertner. Case-relevance information investigation: Binding computer intelligence to the current computer forensic framework. International Journal of Digital Evidence, 4(1), 2005.Google Scholar
Stuart J. Russell and Peter Norvig. Artificial Intelligence: A Modern Approach. Prentice-Hall, USA, 2^nd edition, 2002. ISBN 0-13-790395-2. Google ScholarDigital Library
Philip Turner. Unification of digital evidence from disparate sources (digital evidence bags). In Digital Forensic Research Workshop - DFRWS, 2005.Google ScholarDigital Library
Philip Turner. Selective and intelligent imaging using digital evidence bags. Digital Investigation, 3(Supplement-1): 59--64, 2006. Google ScholarDigital Library
Philip Turner. Applying a forensic approach to incident response, network investigation and system administration using digital evidence bags. Digital Investigation, 4(1): 30--35, 2007. Google ScholarDigital Library
H. Velthuijsen, editor. The Nature and Applicability of the Blackboard Architecture. PTT-Research, Maastricht, 1992.Google Scholar
Gerhard Weiß, editor. Multiagent Systems: a Modern Approach to Distributed Artificial Intelligence. The MIT Press, Cambridge, USA, 2^nd edition, 2000. ISBN 0-262-23203-0. Google ScholarDigital Library
Michael Wooldridge. An Introduction to MultiAgent Systems. John Wiley & Sons, Ltd., Sussex, England, 2002. ISBN 0-471-49691-X. Google ScholarDigital Library

Index Terms

Artificial intelligence applied to computer forensics
1. Computing methodologies
  1. Artificial intelligence
    1. Distributed artificial intelligence
      1. Multi-agent systems
2. Information systems
  1. Information systems applications

Recommendations

IT forensics: 22 years on

This paper examines the progress made in the area of 'digital forensics' and 'cybercrime investigation' since the author's first involvement in the subject in 1986. At that time, hard disk technology was in its relative infancy and examination of ...
Read More
Protecting Digital Data Privacy in Computer Forensic Examination
SADFE '11: Proceedings of the 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering

Privacy is a fundamental human right defined in the Universal Declaration of Human Rights. To enable the protection of data privacy, personal data that are not related to the investigation subject should be excluded during computer forensic examination. ...
Read More
A Cooperative Multi-agent Approach to Computer Forensics
WI-IAT '08: Proceedings of the 2008 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology - Volume 02

This article proposes the use of a collaborative multi-agent approach to develop a toolkit to assist the experts during the forensic examination process: MADIK - a Multi-Agent Digital Investigation ToolKit. The use of a multi-agent approach has been ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SAC '09: Proceedings of the 2009 ACM symposium on Applied Computing
March 2009
2347 pages
ISBN:9781605581668
DOI:10.1145/1529282
Conference Chairs:
Sung Y. Shin
South Dakota State University, United States
,
Sascha Ossowski
University Rey Juan Carlos, Spain
Copyright © 2009 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 8 March 2009
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
JADE
artificial intelligence
computer forensics
digital investigation
multiagent systems
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate1,650of6,669submissions,25%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 28
  Total Citations
  View Citations
- 1,910
  Total Downloads
- Downloads (Last 12 months)78
- Downloads (Last 6 weeks)9
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Artificial intelligence applied to computer forensics

SAC '09: Proceedings of the 2009 ACM symposium on Applied Computing

ABSTRACT

References

Cited By

Index Terms

Recommendations

IT forensics: 22 years on

Protecting Digital Data Privacy in Computer Forensic Examination

A Cooperative Multi-agent Approach to Computer Forensics