Forensic AI: The Increasing Automation of Digital Forensics

Digital devices and data are everywhere. In such a saturated environment, digital forensics—which is the process of uncovering and interpreting electronic data for use in investigations—is the hunt for smaller and smaller needles in an exponentially increasing haystack. Advances in AI and artificial intelligence could be part of the solution.

AI is being implemented in practically every field and discipline, and digital forensics is no exception. But it’s not a plug-and-play fix. The field of forensics requires unique considerations. Human experts are still needed to audit, assist, and interpret the findings of AI-powered tools. To keep pace with the future, aspiring digital forensics specialists seeking their education will likely need to select programs prioritizing AI, automation, and other forms of cutting-edge tech.

The partnership between AI and automation in digital forensics is already underway. Read on to learn more about the associated challenges and opportunities and where it’s headed next.

Meet the Expert: Kim-Kwang Raymond Choo, PhD

Dr. Raymond Choo holds the Cloud Technology Endowed Professorship at the University of Texas, San Antonio, where he is also the assistant department chair of Information Systems and Cyber Security (ISCS). He received his PhD in information technology from Queensland University of Technology, Australia. His research interests include blockchain, big data analytics, cybersecurity, and digital forensics. His heavily-cited work has been funded by NASA, the National Security Agency, the US Department of Defense, and many others.

Dr. Choo is an Association for Computing Machinery (ACM) Distinguished Speaker and IEEE Computer Society Distinguished Visitor (2021-2023). In 2015, he and his team won the Digital Forensics Research Challenge organized by Germany’s University of Erlangen-Nuremberg. He is the recipient of the 2022 IEEE Hyper-Intelligence TC Award for Excellence in Hyper-Intelligence Systems, the 2022 IEEE TC on Homeland Security Research and Innovation Award, the 2022 IEEE TC on Secure and Dependable Measurement Mid-Career Award, and the 2019 IEEE TC on Scalable Computing Award for Excellence in Scalable Computing.

The Use of AI & Automation in Digital Forensics

“The digital forensics industry—and, more broadly, the cybersecurity industry—has recognized the importance of integrating automation and artificial intelligence in their solutions and products,” Dr. Choo says.

AI and automation excel at performing repetitive tasks. Think of brute-forcing a nine-digit password: it’s impractical for a human, but trivial for a machine. That makes AI and automation a perfect fit for digital forensics, where the increasing volume and complexity of disaggregated data makes manual processes infeasible.

AI algorithms can sift through massive datasets quickly, flagging potentially relevant information for follow-up. Machine learning models can be trained to recognize particular digital artifacts, such as images, text, or patterns of malicious activity. Automated tools can also detect patterns within the noise, which may fuel predictive capabilities.

Challenges in the Use of AI & Automation in Digital Forensics

But AI and automation are not flawless. Training data and algorithms can contain implicit, unintended biases that replicate themselves in skewed results. Without proper oversight, no automated system can be considered fully reliable.

“Existing commercial digital forensics tools support automation to some extent, but there is still a need for a human expert,” Dr. Choo says.

Many AI-powered tools can yield extremely compelling results, but most aren’t adept at explaining how they arrived at those results. This type of opaque system is referred to as a “black box.” A black box system may not be a concern for the average end-user of a large language model (LLM) like ChatGPT.

But in forensics, where findings may be used in court to determine fault, having transparent and auditable decision-making during the investigative process is not a nice to have—it’s a must. Newer forms of eXplainable AI (XAI), working in concert with human experts, could be the answer.

“In our NSA-funded project, we proposed a ‘Human-in-the-Loop Explainable-AI-Enabled Vulnerability Detection, Investigation, and Mitigation’ (HXAI-VDIM) system, where the security analyst or forensic investigator is integrated into the man-machine loop, leveraging eXplainable AI (XAI) to combine AI and Intelligence Assistants (IA) in amplifying human intelligence in both proactive and reactive processes,” Dr. Choo says.

The Future of Automation in Digital Forensics

The future of digital forensics will likely never be fully automated, but it will be increasingly hybrid, and tomorrow’s aspiring digital forensics experts will receive markedly different educations than the current crop of industry veterans.

Dr. Choo’s paper for the 2021 National Cyber Summit (NCS) included a two-year scan of digital forensics programs across the country, focusing on challenges and opportunities in digital forensics education. That paper found a lack of standardization and structure in new and existing digital forensics programs, which were scattered between different colleges and departments.

“We also observed the need to introduce contemporary and emerging technologies, and topics such as automation, into digital forensics programs,” Dr. Choo says. “Hence, our new bachelor’s degree in applied cyber analytics is designed to train students in using artificial intelligence and analytics to solve cybersecurity and forensics problems and challenges.”

Digital forensics will continue to evolve rapidly in the coming years. Advances in AI, IoT, cloud computing, and even quantum computing are already opening up new horizons. While the technology increases in power and capability, it will fall on tomorrow’s digital forensics experts to assist in the accuracy, efficiency, and accountability of those tools.