**1. Introduction**

Worldwide usage of mobile smart devices has increased dramatically over the past two decades and is becoming the part of our daily life. The term smart device ranges from variety of devices that includes mobile phones, smartphones, tablets, GPS and so on. The popularity of these smart devices is increased significantly due to their processing power, huge storage capabilities and less cost. Consequently, they can hold the enormous amount of commercial and private user's data. These devices are the essential part of our daily life because they contain private and essential information of users. However, these devices are also vulnerable to attackers and are often becoming the major part of criminal's activities, IP theft, intrusions, security threats, accidents reconstructions and many more. The number of digital crimes equally increases as the new technologies, i.e. digital devices and

internet, increases. As a result, we are becoming the soft target for various types of cybercrimes and digital attacks.

The Digital Forensic Research Workshop (DFRWS) has defined digital forensics (DF) as "The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations".

Todays, DF demands are increasingly important. DF investigation procedures help to capture important information from the compromised device. Nowadays, businesses deeply depend on the digital devices and on the Internet. Capturing the indispensable evidences from these devices is equally important. Digital evidence should be gathered from the system to support or deny some reasoning an investigator may have about the incident.

It is important to know that how to recover digital evidences which can be interested for investigators. However, current human power and other available resources are not enough to fully investigate the digital crimes on digital devices. Further, existing digital investigation procedures and practices require huge interaction with humans; as a result it slows down the process with the pace digital crimes are committed.

In this chapter, we have thoroughly discussed the current advancement of machine learning forensics (MLF) in digital forensic investigation (DFI). We present the latest surveys in this field and give critique comparisons of these approaches.

### **1.1 Historical perspective of digital forensic investigations**

Digital forensic or computer forensic is first presented by 1970 [1]. In the first investigation, the financial fraud is proven from the suspect's computer. The first prosecuted computer crime was reported in 1996. The computer crime is defined as when the computer is the major effect for offense and facilitates the tool to

**5**

each other's.

a.Artificial intelligence

through its sensors.

b.Machine learning

*Advancing Automation in Digital Forensic Investigations Using Machine Learning Forensics*

increasing number of frequency of use for investigation purposes (**Figure 1**).

**2. Artificial intelligence (AI), machine learning (ML) and deep learning**

AI is the science of making things smart or the capability of the machines (e.g. visual recognition, NLP, etc.) to perform human tasks. The important point is that AI is not machine learning or smart things. AI can be viewed as the things that can carry the human tasks and make these tasks easy. The AI technology is increasing day by day, and its enormous use also significantly increases the number of malicious activities. Artificial intelligence programs are called intelligent agent. Intelligent agents are used to interact with the environment. The agent uses the technique to identify the environments through its sensors, and then it can take the action to affect the state

The important aspects in the AI technologies are how the sensors are used to collect the data and how it maps to the actuators; this is how the functions within the agents can perform these consequences. The ultimate goal of the AI is to develop the machine that acts just like humans. This task can be accomplished by only using the learning algorithms to which it is aimed to try to make a sketch of the human brain learnings. AI technologies give very good advantages and have a bright future ahead. However, these technologies are also unavoidably used for execution

ML is one of the approaches of AI that uses a system that can be learned by itself from experience. It is not used for only AI purposes such as copying human behaviour but also needs to reduce the human efforts and time spent to perform the difficult and even the simple tasks. ML can be viewed as a system that can learn from experience and examples rather than from programming. Thus, if the system learns constantly and makes a decision based on the data rather than programming, then it's called ML. ML is developed as a new technology to provide new functionalities for computers and is used for industry and science. There are many autonomous solutions based on ML for medical science, robotics, engineering and so on.

of some serious crimes that can be dangerous for people.

It's important to examine how actually AI, ML and deep learning (DL) methods can help in solving the problems of DF and how these methods differentiate with

commission a crime [2]. The first prosecuted computer crime was reported in Texas, USA, in 1996 [3] and resulted in a 5-year sentence. In 1990, computer-based digital crimes started to grow with the increasing popularity of the computers and the Internet. The computer forensic is developed as the independent field in the late 1990s and in the early 2000s. The CSI surveys report that almost 46% among the respondents were affected by some kind of computer crimes [4]. The 2010 Gallup surveys reports that 11% of the American adult become victim of computer- or Internetrelated crimes in their homes. This ratio is 6–8% more than the last 7 years. A survey conducted by "Australian Company Crime Survey" [5], estimated that A\$ 2,000,000 financial fraud and information breaches occurs in 2006. Company Crime Survey, its estimated A\$ 2,000,000 financial fraud and information breaches in lost revenue. The term digital forensic is used nowadays with the advent of new digital devices with

*DOI: http://dx.doi.org/10.5772/intechopen.90233*

**Figure 1.** *Taxonomy of digital investigations.*

*Advancing Automation in Digital Forensic Investigations Using Machine Learning Forensics DOI: http://dx.doi.org/10.5772/intechopen.90233*

commission a crime [2]. The first prosecuted computer crime was reported in Texas, USA, in 1996 [3] and resulted in a 5-year sentence. In 1990, computer-based digital crimes started to grow with the increasing popularity of the computers and the Internet. The computer forensic is developed as the independent field in the late 1990s and in the early 2000s. The CSI surveys report that almost 46% among the respondents were affected by some kind of computer crimes [4]. The 2010 Gallup surveys reports that 11% of the American adult become victim of computer- or Internetrelated crimes in their homes. This ratio is 6–8% more than the last 7 years. A survey conducted by "Australian Company Crime Survey" [5], estimated that A\$ 2,000,000 financial fraud and information breaches occurs in 2006. Company Crime Survey, its estimated A\$ 2,000,000 financial fraud and information breaches in lost revenue. The term digital forensic is used nowadays with the advent of new digital devices with increasing number of frequency of use for investigation purposes (**Figure 1**).
