AI Embodied Operating System Log Analysis for Forensic Investigations

Abstract

The swift proliferation of operating system (OS) log data and the intricacy of modern cyber threats have shown inadequacies in traditional forensic analysis methods. Current systems have difficulties in processing large volumes of diverse data in real time, leading to inefficiencies in anomaly detection and incomplete investigations. This research addresses these problems by developing an AI-integrated operating system log analysis tool to automate log processing, detect anomalies, and enable cross-platform forensic investigation. Methodology: The research employs a hybrid AI approach, combining supervised learning for identified threat signatures with unsupervised methods for the detection of unknown anomalies. Log parsing and normalization activities are automated to standardize data across Windows, Linux, and macOS systems. The tool's modular design facilitates scalability, and development follows Agile and prototyping methodologies to ensure iterative improvements and stakeholder involvement. Models are evaluated based on parameters like accuracy, AUC-ROC, and false- Positivehrates. Initial Results: The initial prototype achieved 94% accuracy in anomaly detection, with an AUC-ROC of 0.91 and a false-positive rate of 4%. The system efficiently normalized diverse OS logs and processed them in near-real-time, demonstrating its capabilities to enhance forensic procedures. Further improvements are planned to increase detection rates and integrate real-time capabilities