Explainable AI for Digital Forensics #researchawards

on

Bridging Knowledge Gaps in Digital Forensics Using Unsupervised Explainable AI

Organized by: International Forensic Scientist Awards
Website: forensicscientist.org

14th Edition of Forensic Scientist Awards 26-27 September 2025 | Mumbai, India

In today’s digital era, cyber threats are evolving at a pace faster than ever. From malware obfuscation to memory tampering, investigators are often faced with complex, high-volume, and unlabeled data that challenge traditional methods of digital forensics (DF). While Artificial Intelligence (AI) is increasingly being used to assist in this field, its credibility depends not only on accuracy but also on explainability—especially when expert evidence must stand in a court of law.

Most existing Explainable AI (XAI) solutions are designed for supervised learning, where labeled data is available. However, in real-world digital forensics, data is rarely cleanly labeled. This makes unsupervised learning a more practical and powerful approach.

Our Research Focus

This study explores how unsupervised learning-based XAI can fill critical knowledge gaps in digital forensics by detecting anomalies and clustering malicious activity in complex datasets. Using a memory forensics case scenario, we applied multiple unsupervised algorithms including:

  • Isolation Forest

  • Autoencoder

  • K-means

  • DBSCAN

  • Gaussian Mixture Model (GMM)

These methods were tested across different categorical levels using the CIC MalMemAnalysis-2022 dataset, covering binary and multivariate (4, 16) categories.

Key Insights

  • Anomaly Detection & Clustering: The models successfully identified patterns in obfuscated malware and anomalies in large-scale forensic data.

  • Performance Evaluation: Metrics like accuracy, confusion matrices, and Adjusted Rand Index (ARI) helped validate the clustering results.

  • Explainability with SHAP: To ensure transparency, we used Shapley Additive Explanations (SHAP), generating intuitive visualizations such as force plots, waterfall charts, scatter plots, and summary plots. These local and global explanations helped demystify the "black box" nature of AI.

  • Dimensionality Reduction: Interestingly, SHAP explanations themselves showed potential for simplifying high-dimensional data without losing forensic relevance.

Why This Matters

By combining unsupervised learning with explainable AI, forensic experts can gain deeper, more interpretable insights into hidden patterns within digital evidence. This approach not only improves accuracy in anomaly detection but also strengthens the trustworthiness of forensic results in legal and investigative contexts.

🔗 Learn more and apply at:

https://forensicscientist.org/

Nominations Open Now: Click here

–––––––––––––––––––––––––––––––––––––

Get Connected Here:

🔹You Tube: Watch on YouTube

🔹Twitter: Follow on Twitter

🔹Instagram:  Follow on Instagram

🔹WhatsApp Channel: Follow on WhatsApp

Comments

Post a Comment