People who investigate cybercrimes have an increasingly large and complex pool of data to sift through, from encrypted communication and social media interactions to data stored on Internet of Things devices. The current intensive, manual approaches to searching and analyzing digital evidence cannot cope with the increased complexity of digital forensics. Cybercrime investigators must reason over, and make discoveries in, a large amount of sophisticated data in a relatively short time frame. While artificial intelligence (AI) has a lot to offer the digital forensics community, the use of AI in digital forensics is still at a very early stage.
The long-term goal of this research project is to build an autonomous AI-based system that detects artifacts of interest from all sources of data and analyzes them as required. Given the current state of AI-based digital investigation systems, the near-term goal of this program is to build a representation of information into a “smart system” that records, reasons about, and exchanges information about investigation cases and detects artifacts of forensic value in complex and uncertain data. The near-term objectives pursued in this program are:
1) building a representation of properties of digital evidence suitable for recording, reasoning about, and exchanging information of investigation cases;
2) using AI to automate components of an investigation process such as looking for a particular file, event or log over complex and uncertain datasets;
3) building AI-based decision-making support systems that suggest the best courses of action in collaborative and mission-critical investigation tasks.
The proposed research will help Canada establish its leadership in AI and digital forensics and will train at least 8 highly qualified personnel (HQP) who will help meet Canada’s demand for digital investigators and AI experts. We are creating large, reusable repositories of digital investigation cases, which provide a collection of background knowledge for both human and AI agents. Moreover, as most digital examination cases are collaborative and mission-critical tasks, the ability to reason about the evidence discovery and analysis process and to know the best follow-up activities would help investigators make rapid and informed decisions.
Project Status: Approved and Funded