Open Access

ARTICLE

AI-Driven Prioritization and Filtering of Windows Artifacts for Enhanced Digital Forensics

Juhwan Kim, Baehoon Son, Jihyeon Yu, Joobeom Yun*

Department of Computer and Information Security, and Convergence Engineering for Intelligent Drone, Sejong University, Seoul, 05006, Republic of Korea

* Corresponding Author: Joobeom Yun.

Computers, Materials & Continua 2024, 81(2), 3371-3393. https://doi.org/10.32604/cmc.2024.057234

Abstract

Digital forensics aims to uncover evidence of cybercrimes within compromised systems. These cybercrimes are often perpetrated through the deployment of malware, which inevitably leaves discernible traces within the compromised systems. Forensic analysts are tasked with extracting and subsequently analyzing data, termed artifacts, from these systems to gather evidence. Therefore, forensic analysts must sift through extensive datasets to isolate pertinent evidence. However, manually identifying suspicious traces among numerous artifacts is time-consuming and labor-intensive. Previous studies addressed such inefficiencies by integrating artificial intelligence (AI) technologies into digital forensics. Despite these efforts, previous studies analyzed artifacts without considering the nature of the data within them and failed to prove their efficiency through specific evaluations. In this study, we propose a system to prioritize suspicious artifacts from compromised systems infected with malware to facilitate efficient digital forensics. Our system introduces a double-checking method that recognizes the nature of data within target artifacts and employs algorithms ideal for anomaly detection. The key ideas of this method are: (1) prioritize suspicious artifacts and filter the remaining artifacts using an autoencoder and (2) further prioritize suspicious artifacts and filter the remaining artifacts using logarithmic entropy. Our evaluation demonstrates that our system can identify malicious artifacts with high accuracy and that its double-checking method is more efficient than alternative approaches. Our system can significantly reduce the time required for forensic analysis and serve as a reference for future studies.

Copyright © 2024 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.