Artificial Intelligence and Digital Computer Forensics is an area of investigation in cybersecurity. This paper reviews the scholarly literature to identify how the relationship between Artificial Intelligence and Digital Computer Forensics has been studied.
The Ghidra reverse engineering platform is used by reverse engineering teams in cybersecurity. The platform supports research in which harmful software is safely analyzed to learn how it works and how to protect against it. In March 2019, the National Security Agency made Ghidra, a software reverse engineering tool, available to the public (Orellano, 2021). Ghidra can decompile binaries and approximate the source code that was used to create them. The thesis reviewed here intends to assess Ghidra’s decompiling abilities and quantify the similarity between the original source code and Ghidra’s output. To achieve this, the Lempel-Ziv Jaccard Distance (LZJD), a similarity algorithm based on Normalized Compression Distance, will be applied. The aim is to have an algorithm that can measure the similarity between the original C code and Ghidra’s decompiled output (Orellano, 2021).
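The LZJD comparison described above can be shown in a few lines. This is an added example, not code from the thesis or from Ghidra: both C snippets are constructed (the second is written in the style of decompiler output, not produced by Ghidra), and the SHA-256 hash and sketch size k=1024 are assumptions of this example.

```python
import hashlib

# Constructed sample: a small C function as a developer might write it.
ORIGINAL_C = b"""int sum(int *a, int n) {
    int s = 0;
    for (int i = 0; i < n; i++) s += a[i];
    return s;
}
"""

# Constructed sample: the same logic with decompiler-style names.
DECOMPILED_C = b"""int sum(int *param_1, int param_2) {
    int iVar1 = 0;
    for (int iVar2 = 0; iVar2 < param_2; iVar2 = iVar2 + 1) iVar1 = iVar1 + param_1[iVar2];
    return iVar1;
}
"""

def lz_set(data: bytes) -> set:
    """Lempel-Ziv phrase set: each phrase is the shortest substring not seen yet."""
    seen, start, end = set(), 0, 1
    while end <= len(data):
        phrase = data[start:end]
        if phrase not in seen:
            seen.add(phrase)
            start = end          # begin the next phrase after this one
        end += 1
    return seen

def lzjd_digest(data: bytes, k: int = 1024) -> set:
    """Hash every phrase and keep the k smallest hashes (min-hash sketch)."""
    hashes = sorted(int.from_bytes(hashlib.sha256(p).digest()[:8], "big")
                    for p in lz_set(data))
    return set(hashes[:k])

def lzjd_distance(a: bytes, b: bytes, k: int = 1024) -> float:
    """1 - Jaccard similarity of the two sketches: 0.0 identical, 1.0 disjoint."""
    da, db = lzjd_digest(a, k), lzjd_digest(b, k)
    union = da | db
    if not union:                # both inputs empty
        return 0.0
    return 1.0 - len(da & db) / len(union)

if __name__ == "__main__":
    print("original vs decompiled:", round(lzjd_distance(ORIGINAL_C, DECOMPILED_C), 3))
    print("original vs itself:    ", lzjd_distance(ORIGINAL_C, ORIGINAL_C))
```

On inputs this short the sketch holds every phrase hash, so the result is the exact Jaccard distance of the two phrase sets; renamed variables alone push the distance up, which is one reason such scores need calibration before they are read as decompiler quality.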
Other academic papers that the author read for this assignment highlighted the significance of malware analysis and detection in protecting against cyber-attacks such as ransomware. The author’s study aims to develop a defensive solution against ransomware using an AI-powered hybrid approach (Poudyal, 2021). This approach involves a deep inspection for multi-level profiling of crypto ransomware, extracting unique features at the DLL (Dynamic Link Library), function call, and assembly levels. The author’s hybrid multi-level analysis approach combines advanced static and dynamic methods and a new strategy of analyzing behavioral chains with AI techniques. Moreover, association rule mining, natural language processing techniques, and machine learning classifiers are used for building a ransomware validation and detection model. Tests with samples from VirusTotal showed that multi-level profiling can better identify ransomware samples among other malware families and benign applications with higher accuracy and a low false-positive rate. The scholarly paper indicates that this method can detect ransomware and other malware families for devices on multiple platforms.
An article on research at Morgan State University that was reviewed for this project was featured on the NSA website. It discussed how AI and Ghidra can help protect the data collected and stored by current vehicles, which could pose a risk to the privacy and safety of the users if not secured. Vehicles are also part of the IoT, which has limited vendor support and security measures. NSA and Morgan State University work together on a research project to use Ghidra, a tool that NSA created for reverse engineering, to find and fix cyber vulnerabilities in vehicles. Ghidra is a tool that can convert firmware from different electronic control units (ECUs) in vehicles into source code for analysis. The Vehicle Systems Software Analysis team at NSA uses Ghidra to conduct vulnerability research and develop countermeasures for vehicle cybersecurity (National Security Agency, 2021). The partnership and the research project are part of NSA’s academic engagement strategy to support its mission of protecting the nation and to attract and retain talent in cybersecurity.
The impact on society with benefits and risks
What was its impact on society? Is it beneficial or does it have risks related to its use?
The NSA news release describes how Ghidra, a software reverse engineering framework that the National Security Agency (NSA) launched at the 2019 RSA Conference, affected the field. The release generated a lot of interest, with hundreds of thousands of downloads and millions of website views afterwards. Since then, Ghidra has become widely used in college courses and the topic of many how-to books and videos. It has been applied by big technology and cybersecurity companies for examining consumer devices like Wi-Fi routers, car electronics, and voting machines. Ghidra has been constantly updated and enhanced since its launch, with over one million public downloads in the last four years.
The NSA has highlighted Ghidra’s function in leveling the cybersecurity landscape and its dedication to creating and sharing technology that improves national security. Ghidra has also encouraged participation in the open-source community, with the NSA even adopting contributions made by public users.
AI supports the topic of AI with Digital Computer Forensics
How well does AI support your topic?
AI and Digital Computer Forensics have several research fields. This area uses AI’s ability to find and identify patterns to reveal hidden evidence in digital data. It evaluates, standardizes, and improves the techniques for mining digital evidence as shown in Table 1 below.
Table 1
Digital Computer Forensics areas of improvements needed.
Application | Description
Data Gathering and Restoration | AI and ML methods are being used to enhance the speed and quality of data gathering and restoration in digital forensics.
Timeline Reconstruction of Cybercrimes | AI is being used to rebuild the order of events in cybercrime cases, providing a more complete insight into the crime.
Large Data Analysis | AI and ML are being used to examine big and complicated datasets, which is especially helpful in digital forensics given the growing size of digital evidence.
Pattern Detection | AI is being used to detect patterns in digital evidence, which can assist in identifying the way of operation of cybercriminals.
Protecting the Chain of Evidence | AI is being used to maintain the authenticity of digital evidence from the moment of collection to its use in court.
Reactive Strategies to Hacking Events | AI is being used to create reactive strategies to hacking events, helping to reduce the effect of such events.
AI can enhance the efficiency and precision of digital computer forensics in these areas, but these applications also indicate the need for ongoing research to address the challenges and limitations of using AI in this field.
Better integration between AI and digital forensics. The text describes the growing interest in Artificial Intelligence (AI) across all sectors, including digital forensics, as we enter 2023. AI replicates human reasoning and mental processes, simplifying and automating existing processes, and minimizing human involvement. In digital forensics, one of the main difficulties is handling large amounts of complex data. AI can accelerate the process of sorting through data and gathering what’s relevant, saving time and resources. Computer-based programs can smartly perform tasks, collect data, and preserve it, helping digital experts develop better solutions. The text implies that AI will keep transforming digital forensics in 2023 and beyond (Eclipse Forensics, 2024).
Conclusion
Conclude your evaluation by describing a research problem that AI researchers feel needs further attention.
If you do not discover a problem in the literature, briefly describe what would you like to see possible in the future to strengthen the use of AI for cybersecurity.
AI and Digital Forensics indeed require further research. The integration of AI in digital forensics has the potential to address complex investigative problems and enhance the efficiency of forensic analysis. However, there are still challenges to overcome. In the research for this paper, some of the articles noted that the complexity of AI has impeded acceptable validation and consistency in the domain. There is also a need for AI methodologies to be explainable and valid for legal purposes. Furthermore, research is needed to evaluate, standardize, and optimize techniques applicable to AI models used in digital forensics. The field of AI and Digital Computer Forensics is a promising area for future research.
As an additional example, AI in forensic science continues to be evaluated by scholarly researchers, even in law offices focused on legal medicine. One of the scholarly articles included a discussion of the application of artificial intelligence (AI) in various branches of forensic sciences (Galante, 2022). AI has been used to overcome human bias in traditional forensic methods, aiding in tasks such as sex prediction, age estimation, and the identification of diatom taxonomy. The paper is a systematic review following the PRISMA 2020 statements, aiming to explore this emerging topic in forensic literature. It provides a critical review of AI’s current applications in forensic sciences and its future directions (Galante, 2022). The results are divided into five subsections: forensic anthropology, forensic odontology, forensic pathology, forensic genetics, and other forensic branches. The discussion highlights the potential benefits of AI in these fields, while also addressing existing questions and issues regarding its application in real-life scenarios. The article also provides procedural notes and technical aspects for readers.
References
Eclipse Forensics. (n.d.). How will AI transform digital forensics in 2023 and beyond? Retrieved February 26, 2024, from https://eclipseforensics.com/how-will-ai-transform-digital-forensics-in-2023-and-beyond/
Galante, N., Cotroneo, R., Furci, D. et al. (2022). Applications of artificial intelligence in forensic sciences: Current potential benefits, limitations and perspectives. Int J Legal Med 137, 445–458 (2023). https://doi.org/10.1007/s00414-022-02928-5
National Security Agency/Central Security Service. (2023, March 6). Four years later: The impacts of Ghidra’s public release. https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/3319971/four-years-later-the-impacts-of-ghidras-public-release/
NSA. (2024, February 23). Cybersecurity Speaker Series: Ghidra — Beyond the Code. NSA.gov.
National Security Agency. (2021, May 14). NSA, Morgan State University Use Ghidra to Mitigate Vehicle Cyber Vulnerabilities. https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2607059/nsa-morgan-state-university-use-ghidra-to-mitigate-vehicle-cyber-vulnerabilities/
Poudyal, S. (2021). Multi-Level Analysis of Malware Using Machine Learning (Order No. 28645891). Available from ProQuest Dissertations & Theses Global. (2567952022). https://coloradotech.idm.oclc.org/login?url=https://www.proquest.com/dissertations-theses/multi-level-analysis-malware-using-machine/docview/2567952022/se-2