**Author details**

*Digital Forensic Science*

share the same IP address.

and results.

• Machine learning forensics solutions should:

○ Explain well the reasoning process.

○ Have data availability to support modeling.

○ Address well-scoped problems and methodology.

○ Formally structure the representation of knowledge.

○ Integrate with current architecture, tools and applications.

○ Have well-organized performance evaluation.

Consequently, it is almost impossible for the forensic experts to perform the proper data analysis of each machine individually and also perform the crosscheck on each machine's process. That limits the capability of the human works. In this line of reasoning, a huge amount of data needs to be sent to laboratory for forensic purposes with limited time and available resources. In a real-time digital forensic investigation, it is very difficult to determine in early stages which evidence is more important and relevant for investigating the crime, as an example, if we consider the cybercafé or a network of computers where several computers

On the other hand, the intelligent tools are the main part of the MLF. However, these tools also show the problem for investigation in the pre-analysis phase. For that reason the lack-ness in the collection of large amount of data from distributed machines is need to be examined. Some of the existing tools are not helpful in solving the problem and even increases the time of investigation. The need is to make more intelligent methods and tools so that the automatic investigation of the suspects machines or malicious activity can be analyzed and determined in accurate time. The data can be stored and placed in any place for destructive purposes. Therefore, MLF techniques are the best sources for storing, evaluating and using this data in a productive way to anticipate and harmful activities. MLF methods can perform the meta-analysis on the meta-knowledge from different sources, and it can simplify the complex tasks into understandable and manageable data formats in a short period of time. MLF can provide the well-formed repository that can contain the well-sanitized data of digital investigation with well-known properties

**14**

Salman Iqbal1 \* and Soltan Abed Alharbi2

1 Department of Computer Science, COMSATS University Islamabad, Vehari, Pakistan

2 Department of Electrical and Computer Engineering, University of Jeddah, Saudi Arabia

\*Address all correspondence to: simbwp@gmail.com

© 2019 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/ by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
