In the field of digital investigation, Artificial Intelligence (AI) has become an invaluable tool ✨. Its ability to process large amounts of data and find patterns helps prevent investigators from overlooking small details that could be key to solving a case.
Digital research is a process that seeks to answer questions about events in electronic data sources such as computers, mobile devices, pen drives, external disks, networks, RAM, servers, etc.
Audios, videos, photos, documents, messages, emails and in general all data stored in these sources can be used as digital evidence and be part of an investigation to solve any type of crime that may have occurred in a corporate environment.
Digital forensic analysis
✅ For evidence to be valid in court, it is necessary to follow the principles of digital forensics, which aim to preserve the integrity and maintain a strict chain of custody of the data under investigation.
Some crimes that are often subject to internal investigations within companies include:
- exposure of confidential data
- misappropriation of funds
- or exfiltration of intellectual property information
However, in the corporate environment, forensic analysis is also used as part of incident response, making it possible to determine for example whether a computer has been infected by malware, whether there has been an intrusion into the company’s systems or to determine what moves an attacker has made within the organization’s infrastructure.
Regardless of the purpose or need of the investigation, forensic analysis should be done in four phases: collection, evaluation, analysis, and reporting.
During the forensic process, after collecting, data sources are transformed into evidence 👀.
- Examination. The first transformation occurs when data is extracted from the sources and a format is generated that can be processed by forensic tools, most commonly the E01 format.
- Analysis. The second occurs when the data is transformed into information that can be analyzed by a researcher.
- Reporting. Finally, the last transformation occurs when a report is generated where only those findings within the data that are relevant to the case are included.
📱 Mobile devices: a source of evidence in investigations
Nowadays, many investigations focus on the analysis of data from mobile devices, as they contain a wealth of information and are therefore a relevant source of evidence for solving a crime.
The person in charge of data extraction is usually a forensic analyst, a role that must be performed by qualified personnel as one of its main objectives is to preserve evidence and prevent data loss during acquisition.
Some methodologies can be highly invasive, such as Chip-Off and Micro Read. Both are very sophisticated procedures, require a high level of precision, are very costly and any error could result in the definitive loss of data.
Main AI applications in forensic research
Once the acquisition or extraction of the contents of the device is done, AI comes into play.
Many tools on the market integrate artificial intelligence-based functionalities that help forensic analyst speed up investigations. This makes it possible to quickly discard data that is not relevant to the case, and focus on data that is relevant to the case.
Given the sheer volume of photos and videos stored on today’s mobile phones, it seems impossible to imagine that an analyst could go through all the stored images one by one and be able to identify those that might be relevant.
1. Automatic image recognition 🤳
One of the main applications of AI in the field of research is of automatic image recognition. This consists of training these tools to be able to identify and classify photographs into categories of interest based on their content.
For example, if a 64GB mobile phone can store 27,000 photos, an analyst would have to spend several days analyzing the content of each photo to determine whether any of them might be relevant.
With AI, these tools are taught to classify images into categories such as:
- credit cards
- people’s faces
Thus, once the evidence is loaded, they have the ability to recognize the content of the images and classify them into the appropriate category automatically.
2. Natural Language Processing 👅
Another AI application that is instrumental in accelerating digital research is Natural Language Processing (NLP).
This functionality allows the identification of language patterns in text messages, emails, or documents that could indicate criminal activity.
As in the case of image recognition, the tools are trained to use linguistic analysis to categorize texts and identify, for example, the subject matter of a document, the entities or proper names that are mentioned in a text, spam in emails, or even to identify positive or negative sentiments in emails.
As for sentiment analysis, Natural Language Processing (NLP) can automate the recognition and understanding of opinions expressed in a text and classify them as positive 😊, negative 😡, or neutral 🙄.
This functionality allows investigators to focus on documents or emails that contain negative messages and are related to an entity or person under investigation.
We need AI to deal with the large volume of data
In 2021, mobile users downloaded more than 435,000 apps. During 2022, 63% of the world’s population had an internet connection, and of these 92.4% used a mobile phone as a device to connect to the internet. In addition, the number of mobile phones exceeded 15 billion in the same year.
The above statistics mean that every day there are billions of people receiving calls, writing messages, downloading applications, accessing social networks, in short, generating data.
Today’s numbers are just the beginning of connectivity that will only grow with the advent of 5G and the addition of new IoT-connected devices. So it seems essential that digital research tools are not left behind.
Given the huge volume of data that the future holds, a very near future, it is necessary for artificial intelligence to become the analysts’ ally so that they can process all the information and identify patterns that will help them “find the needle in the haystack”.
And while AI is one more tool at the researcher’s disposal that cannot replace human judgment and expertise, at least for now, its use will have to be extended to more applications if answers to future research are to be obtained.
Santander Digital Services is a Santander company, based in Madrid with more than 7,000 employees. We are working to move Santander towards a Digital Bank with branches.
Take a look at the job opportunities to work in tech here and Be Tech! with Santander 🚀
Follow us on LinkedIn and Instagram.