How Can Artificial Intelligence Be Used in Digital Forensics

The term ‘Artificial Intelligence’ (AI) may conjure images of machines from dystopian Hollywood movies, hell-bent on the destruction of the human race. Despite its depiction by the film industry, however, AI is little more than an advanced form of digital programming. What separates AI from a standard piece of software is that it can process enormous amounts of data while maintaining a high degree of analysis. The reality of AI is that it is less of a killer robot and more like an advanced problem-solving tool. Its highly efficient data processing ability makes it the perfect accompaniment for digital forensics and incident response activity.

Digital Forensics at a Glance

Digital forensics falls within the field of forensic science, and its goal is the recovery, analysis and investigation of digital materials and devices that have been subjected to criminal activity. As technology becomes increasingly integrated into all human activity, digital devices and materials have become the primary source of evidence in many court proceedings – not just those involving cybercrimes.

Despite playing an important role in criminal investigations, digital forensics remains a relatively new field of forensic science – and for this reason, it is rapidly evolving as processes, methods and equipment are improved. It’s not just the fact that it’s a relatively new field either – the evolution is also accelerated by the constant technological advancements, and the need to keep up as new technologies are developed. In addition to this, cybercriminals are finding new ways to breach security defences, which, combined with the increased demand for digital forensics, means that many digital forensics teams have a heavy workload.

The increased burden on digital forensics teams makes the task of gathering accurate and timely results particularly difficult. In 2019, The Times reported that at any given time, forces across the UK have up to 2,000 digital devices awaiting analysis and across the 33 forces that provided data, there were 12,667 devices awaiting examination.

Forensics teams are being prevented from dealing with the evidence in a timely manner by the enormous backlogs that they are facing. Engineering and Technology reported in April 2020 that London’s Metropolitan Police estimated that 60 percent of its exhibits would take three months to examine, 39 percent would take three to 12 months and 1 percent would take more than 12 months. With government agencies struggling to analyse and document exhibits in a timely fashion, what does that mean for IT departments managing their incident response process? In order to have an effective incident response plan, organisations need to support their IT specialists with the resources they need to overcome a data breach. Artificial Intelligence may be the solution.

Artificial Intelligence in Digital Forensics

Artificial Intelligence is the perfect tool for digital forensics, not least due to its high data processing capabilities. It essentially streamlines the process of identifying the source of the problem, saving time and money. An example of how AI has been used in digital forensics is the Airbus bribery scandal, in which AI was used to review 60 million documents.

FRA forensic accountant Yousr Khalil led the team responsible for finding the needle in the haystack that was the proof of wrongdoing, after aerospace giant Airbus admitted paying bribes via middlemen. This was FRA’s largest job ever, in which they had to sift through a daunting mass of 500 million documents and transactions. After duplicates and irrelevant material were eliminated, the collection was whittled down to 60 million documents to be reviewed by the investigators – an impossible amount of work with manual searching. The team used pioneering AI technology to search the documents for patterns and snippets that were out of place, and found the evidence that they were looking for.

The ability of AI to search unstructured data, such as written documents, emails and memos, is part of what makes it such an incredible new tool in digital forensics. While basic term searches can often find information within tables and charts, a lot of information within other documents, such as those mentioned above, can be difficult to detect with these methods. The exchanges relating to bribery in the Airbus scandal were concealed in codes that related to medical notices. The learning capabilities of AI meant that the more examples it was fed, the more rapidly it was able to identify the patterns of these codes. The AI that was used in this case was therefore able to rapidly scan millions of documents, based on a certain number of attributes that were fed into the system. The more data that was put into the system, the better it was able to learn and score more rapidly and with greater accuracy.
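As an added illustration (not FRA's system and not code from this article), the sketch below trains a small naive Bayes ranker on reviewer-labelled snippets and shows it surfacing coded language that a literal term search misses. The sample texts, document IDs and function names are constructed for this example.

```python
import math
import re
from collections import Counter

# Constructed reviewer-labelled snippets: 1 = relevant to the inquiry, 0 = not.
LABELLED = [
    ("the patient needs a second prescription before the tender closes", 1),
    ("doctor confirmed the dosage for our friend at the ministry", 1),
    ("prescription delivered to the consultant dosage as agreed", 1),
    ("quarterly maintenance schedule for the hangar is attached", 0),
    ("please find the invoice for catering at the air show", 0),
    ("meeting moved to tuesday agenda attached", 0),
]
# Constructed unreviewed documents that need to be prioritised for review.
UNREVIEWED = {
    "doc-001": "agenda for the tuesday maintenance meeting attached",
    "doc-002": "the doctor says the patient needs a higher dosage this quarter",
    "doc-003": "invoice for hangar catering attached",
    "doc-004": "our compliance policy prohibits any bribe or facilitation payment",
}

def tokens(text):
    return re.findall(r"[a-z]+", text.lower())

def train(labelled):
    """Count words per class; return the counts and the shared vocabulary."""
    counts, docs = {0: Counter(), 1: Counter()}, Counter()
    for text, label in labelled:
        counts[label].update(tokens(text))
        docs[label] += 1
    return counts, docs, set(counts[0]) | set(counts[1])

def score(text, model):
    """Log-odds that text is relevant (naive Bayes with add-one smoothing)."""
    counts, docs, vocab = model
    total = {c: sum(counts[c].values()) + len(vocab) for c in (0, 1)}
    s = math.log(docs[1] / docs[0])
    for w in tokens(text):
        if w in vocab:  # words never seen in training carry no evidence
            s += math.log((counts[1][w] + 1) / total[1])
            s -= math.log((counts[0][w] + 1) / total[0])
    return s

def rank(unreviewed, model):
    """Document IDs ordered from most to least likely relevant."""
    return sorted(unreviewed, key=lambda d: score(unreviewed[d], model), reverse=True)

def keyword_hits(unreviewed, term):
    """Baseline: IDs of documents containing the literal search term."""
    return [d for d, t in unreviewed.items() if term in tokens(t)]
```

Here the literal search for "bribe" returns only the compliance policy, while the trained ranker puts the coded message at the top of the review queue.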

Despite the fact that the AI program used by FRA was advanced and supported by $100,000 computers, it was still 4 years before the process was completed. Greg Mason, a founding partner of FRA, stated that a mere 5% of the documents that were set aside for analysis were reviewed by the investigating team. Although that equates to 3 million documents, it highlights the crucial role that AI can play in investigations involving large corporations. This is due to the automation of many time-consuming investigation processes that would overwhelm a small forensics team facing a collection of evidence this large.

The Incorporation of AI into Corporate Digital Forensics

No matter how large or small your organisation, it is possible that the tally of documents, files and items of data that you possess may be in the hundreds of thousands, based on the age of your business alone. In the event of your company being subjected to a data breach or cyber-attack, the task of carrying out a large-scale digital forensics investigation without AI will be difficult, if not impossible. Such an investigation will also no doubt require both tools and resources beyond those possessed by your IT department. Either way, enlisting the help of cybersecurity experts who are able to offer a thorough, timely and effective data analysis will help you to get your company back on track.

If you are looking for a cybersecurity provider that you can trust to help you to improve your incident response activity and data recovery, Advanced German Technology (AGT) will have you covered. Our team of leading experts and professionals can help your organisation recover from cyber-attacks so that you can safeguard your assets and identify and address the security vulnerabilities that led to the breach. To learn more about how we can help you with your disaster recovery plan, contact us today.