Efficient Computer Forensic Analysis Using Machine Learning Approaches

In this digital era, the number of Cybercrimes is increasing that has resulted in increased number of pending cybercrimes cases such as artifacts as a malware, hacking and cyber fraud or e-harassment. In order to deal with these cases, digital forensics must include the concrete law enforcement in the court of law. In digital forensics, it is challenging task to detect reliable evidence because of worldwide use and advancements in digital communication technologies. Common approaches such as file signature analysis and the data carving can be done using the forensics tools, however, digital evidence examiners are keen to find the relevant data which helps in finding the truth behind the case. To reduce the examination time in the data examination or analysis process, this paper explores the role of unsupervised pattern recognition to identify the notable artefact. The Self-Organising Map (SOM) is used to automatically cluster notable artefacts. In this work, four cases are presented to demonstrate the use of SOM in examining the digital data saved in a CSV format. Multiple SOMs are created including Extension Mismatch SOM that represents the intentional changes done on the default extension of the file in order to hide it from the forensic examiner. Other types of SOM are created for the EXIF Metadata (i.e. MAC attributes). USB Device Attached (Device Make, Device Model, Device ID, Date/Time, Source File, Tags).