Enhancing Ransomware Detection and Investigation through Digital Forensic Machine Learning Analysis

Authors

  • Dzulfiqar Fadhil, Faculty of STEM (Science, Technology, Engineering, and Mathematics), Prasetiya Mulya University
  • Taufiqurrahman Taufiqurrahman, Faculty of STEM (Science, Technology, Engineering, and Mathematics), Prasetiya Mulya University

Keywords:

Digital Forensics, Ransomware Detection, Machine Learning, Incident Response, Cybersecurity Analysis

Abstract

Ransomware has become one of the most pervasive and damaging forms of cyber threats, targeting individuals, organizations, and critical infrastructures. Traditional digital forensic methods, while effective, are often limited by the speed and scale required to analyze modern ransomware attacks. This research explores the integration of machine learning techniques into digital forensic analysis to enhance the detection, classification, and investigation of ransomware. Using a controlled virtual environment, ransomware samples were executed and monitored to extract forensic artifacts from system logs, memory, and network activity. Features such as file entropy, API call behavior, and command-and-control (C2) communication patterns were analyzed. Machine learning models, particularly Random Forest and Convolutional Neural Networks (CNNs), were trained to identify ransomware behaviors with high accuracy. The Random Forest model achieved a detection accuracy of 96.4%, with strong precision and recall scores. The study also developed an automated forensic framework capable of real-time incident response and evidence extraction. Compared to previous research, this study offers improved generalization to unknown ransomware variants and faster forensic processing. The findings highlight the potential of digital forensic machine learning analysis as a robust solution for modern ransomware defense and investigation.
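The abstract names file entropy as one of the forensic features fed to the classifier. The following is an added illustration, not code from the paper, of how that feature is extracted from files on a disk image and why it is paired with a header check: it assumes a small constructed magic-byte table and uses a hash chain as stand-in ciphertext.

```python
import hashlib
import math
import zlib
from collections import Counter

# Magic-byte signatures for a few common types (constructed subset, not exhaustive).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant file, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def header_matches(name: str, data: bytes) -> bool:
    """True if the file starts with the magic bytes its extension implies; unknown extensions pass."""
    for ext, magic in MAGIC.items():
        if name.lower().endswith(ext):
            return data.startswith(magic)
    return True

def extract_features(name: str, data: bytes) -> dict:
    """Per-file feature vector of the kind a forensic classifier would consume."""
    return {"entropy": shannon_entropy(data), "header_ok": header_matches(name, data), "size": len(data)}

def looks_encrypted(features: dict, threshold: float = 7.5) -> bool:
    # Entropy alone also flags ZIP/JPEG/compressed data, so require a header mismatch as well.
    return features["entropy"] >= threshold and not features["header_ok"]

def scan(files: dict) -> list:
    """Return the names of files whose features match in-place encryption."""
    return [name for name, data in files.items() if looks_encrypted(extract_features(name, data))]

def pseudo_random(n: int, seed: bytes = b"constructed-seed") -> bytes:
    """Deterministic high-entropy bytes standing in for ciphertext (hash chain, not real encryption)."""
    out, block = b"", seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]

# Constructed samples: a normal PDF, a plain-text note, a compressed archive, and a PDF
# overwritten in place with ciphertext (header gone, entropy near 8 bits/byte).
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n" + b"The quick brown fox jumps over the lazy dog. " * 200,
    "notes.txt": b"meeting at 10, bring the quarterly numbers\n" * 50,
    "photos.zip": b"PK\x03\x04" + zlib.compress(pseudo_random(4000)),
    "invoice.pdf": pseudo_random(8000),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, extract_features(name, data))
    print("flagged:", scan(SAMPLES))  # flagged: ['invoice.pdf']
```

The compressed archive has entropy as high as the ciphertext but keeps its expected header, which is why a classifier trained on entropy alone produces false positives on archives and media files.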



Published

2025-06-30

How to Cite

Fadhil, D., & Taufiqurrahman, T. (2025). Enhancing Ransomware Detection and Investigation through Digital Forensic Machine Learning Analysis. Journal Basic Science and Technology, 14(2), 70-78. Retrieved from https://iocscience.org/ejournal/index.php/JBST/article/view/6484