Predictive Investigation: A Refined Approach for Evidence Detection and Acquisition

Authors

  • Parin Shah
  • Vishvendu Bhatt

DOI:

https://doi.org/10.46610/JCSCS.2026.v05i01.001

Abstract

In today’s digital era, cybercrime has evolved from a niche threat into a global crisis. Sophisticated attacks such as ransomware, data breaches, identity theft and financial fraud affect everyone, from large corporations to individual citizens, causing billions in damages and eroding trust in digital infrastructure. Present-day cybercrime investigation is usually a game of catch-up, struggling with the sheer volume and complexity of digital evidence. This research aims to change that: instead of only reacting to crimes that have already happened, the primary aim is to predict them before they happen. In earlier tests of predictive analytics and time-series analysis on the digital forensic investigation dataset (DFID), several models were found to be successful. Among them, one model stood out: random forest, a supervised learning model, which spotted potential threats with 95% accuracy, 94% precision and 96% recall. It was also found that the most important digital clues are the timing between computer actions, the IP addresses involved, and file hashes. While 95% accuracy is a strong benchmark, it can be improved. This study proposes a model, i.e. an RNN or another model, efficient enough to surpass the 95% accuracy benchmark set by random forest in earlier studies.

Published

2026-01-23

How to Cite

Shah, P., & Bhatt, V. (2026). Predictive Investigation: A Refined Approach for Evidence Detection and Acquisition. Journal of Cyber Security in Computer System, 5(1), 1–12. https://doi.org/10.46610/JCSCS.2026.v05i01.001