Artificial intelligence applied to computer forensics

Hoelz, Bruno W. P.; Ralha, Célia Ghedini; Geeverghese, Rajiv

doi:10.1145/1529282.1529471

Cited by 38 publications

(11 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Currently, network forensics is not apart of the average intrusion detection toolkit and is considered to be a separate component to signature and anomaly detection. However, the process itself is efficient [4] in the way evidence is searched for in only those locations that the analyst would expect evidence to be found in, given what is already known, and so would be valuable to the efficiency of an IoT security system by reducing the overall amount of work done by only search in the network locations that are more likely to contain digital evidence.…”

Section: Network Forensicsmentioning

confidence: 99%

Multi-agent systems for scalable internet of things security

Kendrick

Hussain

Criado

et al. 2017

Proceedings of the Second International Conference on Internet of Things, Data and Cloud Computing

View full text Add to dashboard Cite

Providing effective and scalable real-time security to Internet of Things devices can be a challenging task given the limited computational capacity of the devices and the amount of network traffic that can be viewed at any given time. Multi-Agent Systems have proven to be a valuable tool within the areas of cyber security, distributed networks and legacy systems because of their scalable and flexible architecture. In this paper we present a novel implementation of a Completely Decentralised Multi-Agent System for use within, or to support, Internet of Things networks through the distributed processing of security events to offload the computational cost of data processing from Internet of Things devices. The concepts of conditions and effects are introduced to allow agents to describe digital evidence found in an abstract language instead of sharing individual pieces of data to mitigate concerns of data leakage in extended networks. Emphasis is placed upon the scalable architecture design allowing domain experts to independently create agents specific to a particular technology or application process which will automatically work with other existing agents without further configuration.

show abstract

Section: Network Forensicsmentioning

confidence: 99%

Multi-agent systems for scalable internet of things security

Kendrick

Hussain

Criado

et al. 2017

Proceedings of the Second International Conference on Internet of Things, Data and Cloud Computing

View full text Add to dashboard Cite

show abstract

“…Therefore, it also still requires knowledge of the file system and understanding of file and inode structures. Hoelz et al (2009) developed a program called MultiAgent Digital Investigation toolKit (MADIK), a multiagent system to © 2014 ADFSL assist the computer forensics expert on its examinations. They applied AI approach to the problem of digital forensics by developing multiagent system where each agent specializes on a different task such as hashing, keyword search, windows registry agent and so on.…”

Section: The Digital Forensics Framework (Dff)mentioning

confidence: 99%

Audit: Automated Disk Investigation Toolkit

Karabiyik¹,

Aggarwal²

2014

JDFSL

View full text Add to dashboard Cite

Software tools designed for disk analysis play a critical role today in forensics investigations. However, these digital forensics tools are often difficult to use, usually task specific, and generally require professionally trained users with IT backgrounds. The relevant tools are also often open source requiring additional technical knowledge and proper configuration. This makes it difficult for investigators without some computer science background to easily conduct the needed disk analysis. In this paper, we present AUDIT, a novel automated disk investigation toolkit that supports investigations conducted by non-expert (in IT and disk technology) and expert investigators. Our proof of concept design and implementation of AUDIT intelligently integrates open source tools and guides non-IT professionals while requiring minimal technical knowledge about the disk structures and file systems of the target disk image.

show abstract

“…Other related work by Hoelz, et al [6] uses distributed agents to reduce the scope of a KFF search. However, our approach, which uses data mining, represents an improvement over the multi-agent system approach.…”

Section: Related Workmentioning

confidence: 99%

A New Approach for Creating Forensic Hashsets

Ruback

Hoelz

Ralha

2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

The large amounts of data that have to be processed and analyzed by forensic investigators is a growing challenge. Using hashsets of known files to identify and filter irrelevant files in forensic investigations is not as effective as it could be, especially in non-English speaking countries. This paper describes the application of data mining techniques to identify irrelevant files from a sample of computers from a country or geographical region. The hashsets corresponding to these files are augmented with an optimized subset of effective hash values chosen from a conventional hash database. Experiments using real evidence demonstrate that the resulting augmented hashset yields 30.69% better filtering results than a conventional hashset although it has approximately half as many (51.83%) hash values.

show abstract

Artificial intelligence applied to computer forensics

Cited by 38 publications

References 12 publications

Multi-agent systems for scalable internet of things security

Multi-agent systems for scalable internet of things security

Audit: Automated Disk Investigation Toolkit

A New Approach for Creating Forensic Hashsets

Contact Info

Product

Resources

About