TABLE OF CONTENTS
CHAPTER ONE
INTRODUCTION
1.1 Background of Study
1.2 Statement of Problem
1.3 Aim and Objectives
1.4 Significance
1.5 Scope of the Project
1.6 Limitation
1.7 Definition of Terms
1.8 Project Organization
CHAPTER TWO
LITERATURE REVIEW
2.1 Introduction to Forensics
2.1.1 Historical Perspectives of Digital Forensics
2.1.2 Definition of Specific Research Concepts
2.1.3 Discussion on Crime Scene Reconstruction
2.2 Review of Relevant Approaches to the Research Area
2.3 Review of Related Literature
2.4 Summary of Research Findings
CHAPTER ONE
INTRODUCTION
1.1 Background of Study
Crime event reconstruction involves recognizing the objects at a crime scene, identifying the objects relevant as evidence, and finally reconstructing the crime scene after the incident for forensic analysis (UniversalClass, 2018). Crime event reconstruction should not be confused with crime event recreation, which is replacing items or actions at a crime scene based on the original scene documentation. The process has been practiced for many years, but it became a recognized forensic discipline following a particular double murder case in 1992 (Bevel, 2011). In the last few decades it has evolved alongside diverse technological applications to the field, including forensic document clustering, object detection, and fingerprint identification.
Crime scene reconstruction is vital for establishing the course of a crime, and its findings can carry significant weight as evidence before a jury.
Certain evidence patterns are found at almost every crime scene and are useful for the reconstruction process and other forensic investigations; examples include bloodstain patterns, glass fracture patterns, fire burn patterns, the faces and positions of deceased victims, furniture position patterns, and injury or wound patterns. This research study, however, centers on developing a machine learning convolutional neural network (CNN) model for recognizing and analyzing relevant object evidence at indoor crime scenes, thereby predicting the course of a crime for forensic investigations.
1.2 Statement of Problem
Forensic investigation of crime incidents can be tedious and time-consuming. Crime scene reconstruction is crucial to the field, but when carried out manually it can be inefficient and produce inaccurate results in the overall crime event analysis (Carrier, 2004). The reasons are traceable to limitations of the human brain for certain kinds of analysis, such as blood spatter analysis or facial recognition of an injured victim at the crime scene. Other limitations include inadequate training and experience, fatigue during an investigation, inappropriate documentation, contamination of relevant pieces of evidence at the crime scene, and inappropriate identification and individualization of pieces of evidence, all of which affect the use of data collected at the crime scene for further investigation. With the development of a machine learning model for forensic investigation, errors during investigations can be reduced, as the model can be integrated into hardware devices and software applications.
1.3 Aim and Objectives
The aim of this project is to develop, train, test and use a neural network model for crime scene reconstruction. The objectives of the proposed research work are:
• To extend existing datasets relevant to crime scene reconstruction, improving the accuracy of existing models.
• To train and test a convolutional neural network for crime scene reconstruction.
• To develop a mobile app that uses the trained model.
• To reduce the workload of forensic investigators by providing computerized support for their tasks.
1.4 Significance
• It will improve the conclusiveness of forensic investigation results presented as evidence in court.
• It opens diverse prospects in forensic science.
• It will support the exoneration of innocent suspects.
• It will ease forensic analysis for personnel.
• It will improve decision-making during forensic investigations at crime scenes.
1.5 Scope of the Project
This project describes the application of machine learning to forensics for crime scene reconstruction based on objects detected at crime scenes.
1.6 Limitation
• The study is centered on object recognition and detection for crime scene evidence analysis.
• Datasets for training and testing crime scene reconstruction models are scarce; this project only utilizes images from Google Advanced Search to train and test the model.
• Low internet connectivity and bandwidth reduced the pace of the project.
• Relevant and highly resourceful materials, such as journals and textbooks, are costly to obtain.
1.7 Definition of Terms
Computational Forensics: Computational forensics is a branch of forensic science which involves the development of algorithms and software to aid criminal investigations.
Machine Learning: Machine learning is a concept in computer science which involves the use of computational algorithms to gain insights from raw data. It involves developing trained and tested models which are then used to make accurate predictions based on insights obtained from such data.
Convolutional Neural Networks: A convolutional neural network is a neural network architecture used mainly for object and facial recognition tasks. CNNs are inspired by how biological neural networks work; they learn from features of labeled images and make predictions about the identity of unlabeled images.
Transfer Learning: Transfer learning is a machine learning technique in which a pre-trained model is retrained on a custom dataset different from its original training set. The approach is widely recommended for image classification and identification with neural networks because of the memory and time required to train such networks from scratch. However, transfer learning requires certain conditions to achieve good accuracy with the pre-trained model; an essential one is that the new dataset or problem must be similar to the data the model was initially trained on. In this project, we retrain a pre-trained YOLOv2 model on our custom-created dataset; the model was initially trained on ImageNet, with about 1.4 million images covering about 9,000 object classes.
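As a concrete illustration of the transfer learning workflow just described, the sketch below fine-tunes a pre-trained ImageNet classifier with Keras. It is a minimal sketch only: the MobileNetV2 base network, the ten-class placeholder head, and the commented-out training call are illustrative assumptions, not this project's exact pipeline.

    # Minimal transfer-learning sketch (illustrative; not the exact project pipeline).
    import tensorflow as tf
    from tensorflow.keras import layers, models

    # Load a network pre-trained on ImageNet, without its classification head.
    base = tf.keras.applications.MobileNetV2(
        input_shape=(224, 224, 3), include_top=False, weights="imagenet")
    base.trainable = False  # freeze the pre-trained feature extractor

    # Attach a new classification head for a hypothetical set of
    # crime-scene object classes (10 is a placeholder class count).
    model = models.Sequential([
        base,
        layers.GlobalAveragePooling2D(),
        layers.Dense(10, activation="softmax"),
    ])
    model.compile(optimizer="adam",
                  loss="sparse_categorical_crossentropy",
                  metrics=["accuracy"])
    # model.fit(train_images, train_labels, epochs=5)  # custom dataset goes here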
Object Detection: Object detection involves recognizing instances of object classes over a wide range of image data using computational techniques. Object detection systems have a wide range of application areas, such as medical diagnosis, the military, and forensics. In this research work, we apply object detection to a large amount of visual data (images and videos) for crime evidence analysis, reconstructing a crime scene from the objects successfully detected there.
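As a minimal illustration of running a pre-trained detector, the sketch below loads YOLOv2 weights with OpenCV's DNN module and prints the classes detected in a single image. The file names are placeholders and the 0.5 confidence threshold is an arbitrary choice; this is a generic sketch, not the pipeline built in this project.

    # Sketch: detecting objects in one image with a pre-trained YOLO network
    # via OpenCV's DNN module (file paths are placeholders).
    import cv2
    import numpy as np

    net = cv2.dnn.readNetFromDarknet("yolov2.cfg", "yolov2.weights")
    image = cv2.imread("crime_scene.jpg")

    # YOLO expects a fixed-size, normalized input blob.
    blob = cv2.dnn.blobFromImage(image, 1 / 255.0, (416, 416),
                                 swapRB=True, crop=False)
    net.setInput(blob)
    outputs = net.forward(net.getUnconnectedOutLayersNames())

    # Each detection row holds 4 box coordinates, an objectness score,
    # and then one confidence value per class.
    for out in outputs:
        for det in out:
            scores = det[5:]
            class_id = int(np.argmax(scores))
            if scores[class_id] > 0.5:  # confidence threshold
                print("class", class_id, "confidence", float(scores[class_id]))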
Digital Forensics: Digital forensics is the analysis of digital evidence, which may come from digital fax machines, audio, images, video and so on, to recreate a crime event for a criminal investigation. It is a relatively new field in forensic science which provides qualitative and authentic evidence that can be presented to a jury.
Crime Scene Reconstruction: Crime scene reconstruction is the process of determining or eliminating the events and actions that occurred at the crime scene through analysis of the crime scene pattern, the physical condition, the location and position of the physical evidence, and the laboratory examination of the physical evidence.
1.8 Project Organization
The computational forensics machine learning software uses a convolutional neural network object detection model for crime evidence analysis. The project work is organized as follows:
Chapter 1: This chapter presents the background, statement of the problem, and the aim and objectives of the project as an introduction to the project documentation.
Chapter 2: In this chapter, we briefly describe the reviewed literature and works related to the project.
Chapter 3: This chapter presents the research methodology adopted and a justification of its suitability for the project.
Chapter 4: This chapter presents the design and implementation of the software developed in the project as an experiment with the proposed idea.
Chapter 5: Here we conclude the research with a summary, recommendations, and conclusions.
CHAPTER TWO
LITERATURE REVIEW
2.1 Introduction to Forensics
Technology is among the fastest-growing sectors in the world today, and a high percentage of global development depends on it. Advancements in technology, especially in image processing, have tremendously improved forensic science in areas such as the recognition of relevant pieces of evidence, the individualization of those pieces of evidence, and the reconstruction of objects, faces, and even entire crime scenes.
Forensic analysis, however, is usually performed in highly sophisticated laboratories, which makes the process expensive and time-consuming; this has motivated the adoption of technological concepts (Antonio & Riquelme, 2014) such as Automated Fingerprint Identification Systems, carbon-14 dating, 3D facial reconstruction, and alternate light photography for better and more efficient analysis of the data used as evidence during investigations.
It is important to note that the terms digital forensics and computer forensics are often used interchangeably to describe forensic analysis related to computing, although they differ in scope. Computer forensics involves forensic analysis of computer-related crimes, such as social engineering attacks on a system, whereas digital forensics is the broader analysis of digital evidence of any kind (not just computers), which may come from digital fax machines, audio, images, video and so on (Derek, Francine, Ewa, & Oscar, 2008).
Digital forensics can help provide better output through automated and intelligent analysis of pieces of evidence from crime scenes (Prerak & Rughani, 2017). The basic concept is to provide computer output, from a computational model or software, that serves as a second reviewer for forensic experts during forensic data analysis. However, a major issue in forensics is the uncertainty of data, as crimes vary widely in their features.
2.1.1 Historical Perspectives of Digital Forensics
Research on digital forensics, or computer forensic science, became prominent with the first specialized software tools developed in the 1980s, in response to law enforcement agencies' demand for technological support in criminal investigations (Whitcomb, 2002).
During this period, particularly in 1984, law enforcement laboratories such as the FBI's began to develop programs to examine computer evidence. To support these investigations, the FBI set up the Computer Analysis and Response Team (CART), an idea later duplicated by other law enforcement agencies (Noblett, Pollitt, & Presley, 2000). These early computer forensics efforts had great influence on law enforcement: about 48 percent of agencies came to operate computer forensic laboratories, and about 68 percent of pieces of evidence were analysed in these laboratories (Whitcomb, 2002), which in turn increased the need for more sophisticated programs to aid forensic examination of digital evidence.
In the last two decades, advancements in the technology sector and the development of more complex and advanced computer systems have immensely influenced the growth of digital forensics, enabling more analysis of evidence to be performed digitally. The development of specialized software tools for digital forensics has improved the reconstruction process during onsite forensic investigations, providing clues from both physical and digital crime evidence. However, law enforcement agencies still lack specific standards governing the examination of these varieties of evidence (Pollit, 2010).
Machine learning and artificial intelligence research began many years ago, but the area remained relatively dormant until recent times, when the computing capabilities required to develop machine learning models became available, allowing these models to be used for forensic analysis (Prerak & Rughani, 2017). Certain machine learning algorithms are already in forensic use: artificial neural networks for forensic image processing and in-painting (Voronin, Makov, & Creutzburg, 2016), convolutional neural networks for object and image recognition, and artificial neural networks for conversational chatbot sentence prediction (Prerak & Rughani, 2017). The list keeps growing as advances are made, depending on data availability.
Forensic photographs taken at crime scenes, digital photographs of evidence, and digital photographs of victims or criminals can be used to train machine learning models based on shared image features; neural networks perform pixel-by-pixel analysis of these images (Jatto, 2017), rather like assembling a jigsaw puzzle, which makes them an efficient tool for digital forensics and event reconstruction. These models, in turn, can be used to develop intelligent software systems that reasonably reduce the complexity of evidence analysis. Such machine learning applications cover forensic science but also extend to various other fields, such as medical image processing, object recognition software, and product image search engines on e-commerce websites.
Digital forensics has clearly been evolving incessantly since its inception, which in turn influences forensic science generally.
2.1.2 Definition of Specific Research Concepts
Machine learning is a concept with multi-disciplinary application to any field that involves data in one way or another. It is a branch of artificial intelligence concerned with developing models that learn from existing data and use the patterns identified in those data to make decisions with limited human intervention. Machine learning may also be described as utilizing computer algorithms (ML algorithms) to develop models (computer programs) that learn from experience with existing data relating to a task and a performance measure, such that performance at the task increases with experience (Paulo, Donald, & Ivens, 2015). A machine learning model maximizes its performance through experience gained from the data used during its training stage. The concept has various application areas, such as recommendation systems (Paulo, Donald, & Ivens, 2015), stock market forecasting (Shen, Jiang, & Tongda, 2013), speech recognition (Banumathi & Chandra, 2017), fraud detection systems (Anuj & Prabin, 2012), object recognition (Helen, 2009), automatic text classification (Joel, Alex, & Celso, 2014) and so on. Machine learning models are not necessarily machines or systems; they can be integrated into intelligent software or hardware for decision-making based on patterns identified in the data used to train them on the problem domain.
ML algorithms are broadly classified into four categories: supervised learning, unsupervised learning, semi-supervised learning, and reinforcement learning (Paulo, Donald, & Ivens, 2015).
Supervised learning involves training a computer algorithm with data labeled into specific classes for a particular task, then applying the learned knowledge to real-world data.
Unsupervised learning, in contrast to supervised learning, does not involve a training dataset with labeled data; the ML algorithm instead utilizes hidden patterns in the data to categorize it.
Semi-supervised learning is an approach in which the algorithm learns from datasets containing both labeled and unlabeled data. ML algorithms in this category are able to gain experience from incomplete data.
Another essential machine learning approach is reinforcement learning, in which a model learns by trial and error, adjusting its actions in a particular context to maximize its performance.
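The contrast between the first two categories can be made concrete in a few lines of scikit-learn; the toy points below are invented purely for illustration.

    # Illustrative contrast between supervised and unsupervised learning (toy data).
    import numpy as np
    from sklearn.tree import DecisionTreeClassifier
    from sklearn.cluster import KMeans

    X = np.array([[0.1, 0.2], [0.2, 0.1], [0.9, 0.8], [0.8, 0.9]])
    y = np.array([0, 0, 1, 1])  # labels are available: supervised learning

    clf = DecisionTreeClassifier().fit(X, y)
    print(clf.predict([[0.15, 0.15]]))  # -> [0]

    # Without labels, unsupervised learning recovers a similar grouping
    # from hidden structure in the data alone.
    km = KMeans(n_clusters=2, n_init=10).fit(X)
    print(km.labels_)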
Machine learning, however, is not a new concept in computer science, but extensive research on it has only recently become feasible, thanks to adequate computational power for developing strong ML models with reasonable accuracy (Prerak & Rughani, 2017).
2.1.3 Discussion on Crime Scene Reconstruction
Crime scene reconstruction (CSR) is an aspect of forensics that is becoming increasingly dominant, as it plays a major role in determining, to a reasonable extent, the actual sequence of events in a criminal case. It is the forensic task of determining or eliminating the events at a crime scene through analysis of relevant patterns there. Relevant patterns may be the position or location of physical pieces of evidence, bloodstain patterns, track-trail patterns, injury or wound patterns, glass fracture patterns, scattered furniture positions and so on. CSR is highly essential for predicting the actual course of events at a crime scene, which has a major influence on decisions by a jury (Samir & Nabanita, 2015).
2.2 Review of Relevant Approaches to the Research Area
This section contains a summary and description of various related works in deep learning (neural networks), object detection, crime evidence analysis for event reconstruction, and digital forensics. We review these works to arrive at a qualitative approach to the stated problem, pointing out improvements that can be made on the pitfalls discovered in them.
Machine learning is a branch of artificial intelligence that gives a machine or computer the ability to learn from existing data and to use that experience to make predictions and decisions based on patterns learned during its training stage. We review mostly works on neural networks, along with other machine learning algorithms.
This paper describes a method for object detection in images using deep neural networks (DNNs). The machine learning model developed not only classifies an image but also localizes the positions of objects within it (Christian, Alexander, Alexander, & Dumitru). As described in the work, deep neural networks differ from and outperform other classification techniques: DNN models are much more robust, and their deep architecture makes them very powerful for classification problems. The validity of the approach is analyzed on a test dataset, the Pascal Visual Object Classes (VOC) 2007 challenge, which has about five thousand (5,000) test images across 20 classes. The experiment uses bounding boxes to detect significant objects in these test images, and the final accuracy is compared with three related approaches: a sliding-window version of a DNN classifier (Alex, Ilya, & Geoff, 2012), a 3-layer compositional model (Long, Yuanhao, Alan, & William, 2010), and the DPM of (Pedro, Ross, David, & Deva, 2010) and (Girshick, Felzenszwalb, & McAllester).
In this research paper, Banumathi and Chandra (Banumathi & Chandra, 2017) review and explain various deep learning algorithms and, based on their distinct features, examine which is best suited to speech recognition. The paper covers several types of deep learning classifiers: Convolutional Neural Networks (CNN), Recurrent Neural Networks (RNN), Restricted Boltzmann Machines (RBM), Deep Belief Networks (DBN), Deep Convex Nets (DCN), Deep Neural Networks (DNN), Deep AutoEncoders, and Deep Stacking Networks (DSN). It groups these classifiers into three broad deep architectures based on their intended use: generative, discriminative, and hybrid (Banumathi & Chandra, 2017). The Deep Belief Network (DBN) is identified as the most efficient deep learning algorithm for speech recognition due to its flexible architecture; a DBN is a hybrid model with two undirected layers, unlike the DNN, which allows it to effectively learn features layer by layer. However, a major problem with any deep learning architecture is its complexity.
This paper describes the approach used by Hong-Wei Ng and colleagues (Hong-Wei et al., 2015) in the 2015 Emotion Recognition in the Wild contest, which involved predicting facial expressions in static digital images. The proposed solution has various applications, one of which is crowd analysis over a video surveillance camera for digital forensics. They present a transfer learning approach: a pre-trained deep convolutional neural network is retrained on a small dataset of static images from movies. Transfer learning, retraining a pre-trained model on a custom dataset different from its original training set, is employed because of the memory and time required to train a neural network from scratch for image classification. The pre-trained model was trained on the large ImageNet dataset (1.2 million images), which contributes largely to its image classification accuracy; its outer layers are fine-tuned for the custom dataset, and the fine-tuning technique is presented in the paper. However, the overall accuracy after training and testing on the new emotion recognition dataset is 48.5%, which is quite low and inefficient. The authors suggest addressing this drawback by expanding the labeled dataset to a reasonable extent and retraining the model.
This work by Joseph and his colleagues (Joseph et al., 2017) presents an object detection system built on a novel convolutional neural network. They present YOLO (You Only Look Once), a state-of-the-art approach for real-time object detection in digital images. The architecture runs a single convolutional neural network that classifies bounding boxes of objects in a resized 448 x 448 input image, unlike other object detection frameworks that slide a window over the image and apply the convolutional neural network at several spaced locations. The paper also compares the model against other detection frameworks (especially R-CNN). The model is trained on several datasets, including PASCAL VOC 2007, PASCAL VOC 2012, and ImageNet 2012, so it generalizes across several categories of objects. One drawback remains: the model struggles with small, clustered objects, such as a flock of birds in the sky. Overall, the model is accurate and generalizes well to unknown objects, as demonstrated by running it on video to detect the objects it contains.
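Detectors of this family score many candidate boxes and then prune overlapping duplicates. The generic non-maximum suppression routine below illustrates that pruning step; it is a plain-Python sketch of the standard technique, not code from the reviewed paper.

    def iou(a, b):
        # Boxes are (x1, y1, x2, y2); returns intersection-over-union.
        x1, y1 = max(a[0], b[0]), max(a[1], b[1])
        x2, y2 = min(a[2], b[2]), min(a[3], b[3])
        inter = max(0, x2 - x1) * max(0, y2 - y1)
        area_a = (a[2] - a[0]) * (a[3] - a[1])
        area_b = (b[2] - b[0]) * (b[3] - b[1])
        return inter / float(area_a + area_b - inter)

    def non_max_suppression(boxes, scores, thresh=0.5):
        # Keep the highest-scoring box, drop boxes that overlap it too much,
        # and repeat on the survivors.
        order = sorted(range(len(boxes)), key=lambda i: scores[i], reverse=True)
        keep = []
        while order:
            best = order.pop(0)
            keep.append(best)
            order = [i for i in order if iou(boxes[best], boxes[i]) < thresh]
        return keep

    # Two heavily overlapping detections collapse to the stronger one.
    print(non_max_suppression([(0, 0, 10, 10), (1, 1, 11, 11)], [0.9, 0.8]))  # -> [0]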
This paper by Deepika and colleagues (Deepika et al., 2015) presents a review of image-based online product search. They review various research works in this area and propose an architecture for their system. Text-based queries on e-commerce websites are widely accepted but limited in expressiveness, hence the need for image-based queries that let users easily find desired products. The system presented allows a user to upload a picture of a desired product; an image recognition engine then extracts relevant features from the image using several image processing techniques, and these features are used iteratively to find websites where the product or a related product is available for sale, returning relevant links to the user. The research aims at enhancing the convenience of online shopping for customers.
This paper presents a deep learning model for extractive text summarization (Mahmood & Len, 2017). Automatic text summarization is a modern application of neural networks and may be extractive or abstractive: abstractive summarizers re-generate the sentences in their output summary, whereas extractive summarizers rank sentences and output a defined combination of the highest-ranking ones as the summarized text. Related works use other machine learning algorithms, such as Support Vector Machines, Hidden Markov Models, Recurrent Neural Networks, and Convolutional Neural Networks, for text summarization. The authors' approach uses a deep auto-encoder to learn features, making the network entirely unsupervised and reducing the training computational cost, so the model remains efficient on devices with low computational power, such as mobile devices.
In this paper, Shunrong and colleagues (Shunrong et al., 2016) propose a high-accuracy model to forecast future profit and loss in the stock market. They use a support vector machine (SVM) on an existing dataset containing data collected from various financial markets across the world to train and test the model for stock market forecasting. They argue that this approach is more efficient for predicting stock markets globally than previous works, which used sentiment analysis on Twitter to forecast market behavior.
This paper presents an application of convolutional neural networks to art painting identification, detecting copyrighted images used without the content provider's permission for commercial purposes (Yiyu et al., 2017). The paper compares the proposed machine learning approach with related work on art painting identification, including the Scale-Invariant Feature Transform (SIFT), a state-of-the-art handcrafted image descriptor. The artwork dataset consisted of 100 main art images distorted in various forms (scaling, color variation, projection, rotation, and translation) to expand the dataset to 30,000 distorted images; 25,000 were used for training the CNN and 5,000 for testing its accuracy. The methodology produced a CNN with a 2% test error rate, much more efficient than the compared approach's 15.6% error rate.
In this article, Ossama and colleagues (Ossama et al., 2017) present a CNN for speech recognition. Automatic speech recognition transcribes human speech from audio or video to text (speech-to-text); the task is technically demanding because speech signals vary with speaker quality and environmental noise. CNNs have specific features, such as pooling, weight sharing, and locality, which make them robust to these varying speech signals. The model described is a hybrid combining a Hidden Markov Model (HMM) with a CNN, reducing the error rate of the existing state-of-the-art HMM model for speech recognition by 6-10%.
This paper describes a methodology using CNNs, an effective multi-layered variation of neural networks, to classify images containing Arabidopsis and tobacco plants. The authors use a transfer learning approach, retraining Google's Inception V3 CNN model, originally trained on the very large state-of-the-art ImageNet database. The dataset used to retrain the model comes from a public repository, Computer Vision Problems in Plant Phenotyping (CVPPP 2014), containing images of Arabidopsis and tobacco; the higher-level layers of the model are fine-tuned to classify these images correctly. The retrained model achieves a remarkable 98% accuracy.
In this paper, the authors carry out an extensive analysis and evaluation of different CNN architectures on computer-aided detection (CADe) problems: thoraco-abdominal lymph node (LN) detection and interstitial lung disease (ILD) detection (Hoo-Chang et al., 2016). The CNNs evaluated include AlexNet (seven layers), Cifar-CNN (three layers), and GoogLeNet (eleven layers). Two major challenges arise in using CNNs to classify medical images. First, extensive datasets for training and testing are scarce; the authors use publicly available thoraco-abdominal lymph node and interstitial lung disease image datasets labelled by radiologists. Second, CNNs are usually trained on natural images, unlike medical images, which are 2D or 2.5D; however, pre-trained CNNs can still classify medical images effectively through transfer learning, fine-tuning the higher layers of the network. The resulting accuracies yield state-of-the-art machine learning models that can be used to develop high-performance CADe systems.
In this paper, Yann and colleagues (Yann et al., 2010) explain the architecture of convolutional neural networks and their various applications in embedded computer vision systems. Convolutional neural networks have been around since the early 1990s but only recently became popular, owing to the availability of the computational power needed to train CNN models. The paper reviews the algorithm's efficiency at feature extraction in images, audio, and video, which underpins systems for object detection, face recognition, speech recognition, intelligent video surveillance and so on. The layered architecture's accuracy for visual processing is compared with other approaches in the paper. Although deeply layered CNNs trained on large datasets achieve tremendous accuracy in classifying, detecting, and identifying images, objects, and faces, they are not always 100% accurate.
2.3 Review of Related Literature
As aforementioned, machine learning is a multi-disciplinary research area with applications in diverse fields. State-of-the-art machine learning works in forensic science are reviewed in this section.
This paper analyses and explains the impact of bloodstain patterns found at crime scenes on possible reconstruction of the crime scene. Building a standalone computerized tool for bloodstain analysis of the weapons used at a crime scene is a very difficult task, because a large variety of tools could be used to commit a violent crime (Samir & Nabanita, 2015). The paper reviews works from diverse disciplines to analyze the classes of bloodstains found at crime scenes and the corresponding classes of objects used in these crimes. Three types of bloodstain are described: transfer stains, passive stains, and impact stains. Passive stains result from blood dripping or flowing from either victims or perpetrators of the crime. Impact stains, usually referred to as blood spatter or splash, are stains that travel through the air due to the impact of an object or weapon on the victim's body. Transfer stains are caused when objects or weapons come in contact with an existing bloodstain. The experiment carried out in the reviewed work centers on the transfer stain on a hammer used to commit a murder.
This paper makes a detailed analysis of the prominent aspects of computer forensics to which machine learning algorithms have been applied and can be applied in future research. Computer forensics, as a broad term, refers to forensic analysis of every computer-related device, including general-purpose computers, disk storage devices, and processors (Davide, Giorgio, & Fabio, 2011). Digital devices have become part of our daily life, even in professional fields, which is a great technological advancement; however, their disadvantages as tools for crimes such as cybercrime, computer intrusion, and credit card fraud cannot be over-emphasized, hence the need for computer security to prevent these crimes and computer forensics to investigate them. The paper also compares computer forensics and computer security: although both fields share the same origin and require understanding core aspects of the computer, they have different goals. Computer forensics primarily investigates computer crimes, whereas computer security takes preventive measures against them. The paper then describes areas of computer forensics where machine learning algorithms can solve major problems, and the important requirements for these algorithms to achieve highly accurate results.
This paper reviews the use of machine learning in digital crime and the use of digital forensics to investigate such crimes. The research utilizes an open source neural network model known as DeepQA, an open source chatbot that uses an RNN to predict the sentence that best answers a conversational chat, producing reasonable answers without human involvement; it was developed using Google's open source machine learning library, TensorFlow. The model is trained on a large conversational dataset (Prerak & Rughani, 2017), which positively affects its responsiveness and accuracy. Such a chatbot could be used by hackers to simulate human chat conversations and extract information from people, hence the need for digital forensics on crimes like this. The forensic analysis carried out on the chatbot proved that a machine learning technique was used to develop the program, DeepQA.
In this work, Bruno W. P. Hoelz and colleagues (Bruno, Célia, & Rajiv, 2009) present an artificial intelligence approach to computer forensics using a multi-agent system. The aim is to reduce the time required to investigate and correlate the large number of files on a computer drive that can serve as evidence, giving a computer forensic examiner a precise direction for analysis. The research presents a multi-agent system known as the Multi-Agent Digital Investigation toolKit (MADIK), which has six intelligent agents that perform specific forensic analyses to assist forensic experts. The system was used on real forensic data and gave commendable results; however, it is not considered complete, as more intelligent agents could be added to improve its performance and reasoning process.
In this research paper, Bhowmik (Bhowmik, 2009) presents data mining techniques to detect fraudulent transactions. The paper reviews various machine learning classification techniques used for fraud detection in other research works, including decision trees, artificial neural networks, and rule-based algorithms, then presents the approach considered most appropriate for the task: the Naïve Bayes algorithm. Naïve Bayes is a probabilistic supervised classification technique that treats the attributes of each instance in the dataset as independent, assigning an instance of unknown class to the class with the highest probability given its attributes or features. The dataset used concerns fraud detection in automobile insurance and consists of a training set of 20 instances (3 fraudulent and 17 legal) with 6 features each; a new instance is assigned to the class (fraud or legal) with the highest probability. Model performance is assessed with a confusion matrix and visualized using ROC (Relative Operating Characteristic) curves, which compare the performance of the various classifiers reviewed in the research.
In a related paper, Divya Murli and her colleagues (Divya et al., 2014) present neural networks as an efficient and accurate machine learning approach for credit card fraud detection. They pinpoint various classes of credit card fraud, which is increasing by the day due to the convenience of credit card transactions. A neural network is more robust and highly optimized than Naïve Bayes, Hidden Markov Models, and other classification algorithms; it has three main kinds of layers (an input layer, hidden layers, and an output layer). In this research they utilize Neuroph, a neural network framework implemented in Java whose interactive user interface makes training and testing a neural network model over a dataset quite easy. The dataset used is unlabelled, containing a summary of 20,000 active credit card holders over the last six months (Divya et al., 2014), and is split into training and test sets. The training process produces a very low error rate, and the results are described visually in the paper. Although the classification result is impressive, the model could still be improved by expanding the dataset and adding more layers to the network.
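To make the Naïve Bayes step in Bhowmik's approach concrete, the short sketch below fits a Gaussian Naïve Bayes classifier on toy transaction data with scikit-learn and evaluates it with a confusion matrix, mirroring the paper's evaluation; the features and labels are invented placeholders, not the automobile-insurance data.

    # Sketch of a Naive Bayes fraud classifier (toy data, not the paper's dataset).
    import numpy as np
    from sklearn.naive_bayes import GaussianNB
    from sklearn.metrics import confusion_matrix

    # Rows are transactions with numeric features; 1 = fraud, 0 = legal.
    X = np.array([[5000, 1], [20, 0], [4800, 1], [35, 0], [15, 0], [5100, 1]])
    y = np.array([1, 0, 1, 0, 0, 1])

    model = GaussianNB().fit(X, y)
    pred = model.predict(X)
    # The paper likewise evaluates its classifier with a confusion matrix.
    print(confusion_matrix(y, pred))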
In this paper, Mark Scanlon and colleagues (Felix et al., 2018) evaluate and compare various models and systems for age estimation from facial features in digital images or videos. The analysis and model developed are intended to support digital forensic experts with automated investigation of images of child abuse, for example child pornography. A prominent problem in machine learning research is the availability of datasets, a big issue in this research too; they therefore develop a dataset generator that creates a structured dataset from images contained in various semi-structured datasets. The comparative analysis compares the accuracy, by mean absolute error, of the following machine learning models (online and offline): Amazon Rekognition (artificial neural network), Deep Expectation (DEX) (convolutional neural network), Kairos (support vector machine), and Microsoft Azure Cognitive Services (deep learning).
This paper describes the use of machine learning techniques to identify and predict protocols tunnelled through a DNS channel, to aid network forensic analysis and reduce the time required for identification, analysis, and reconstruction of network-related digital crimes. The current approach to network forensics is considered manual, as there is no universally standardized way to identify network protocols inside DNS tunnels (Irvin & Panagiotis, 2017). The authors propose a novel approach to identify four protocols (HTTP, HTTPS, FTP, and POP3), extending a previous work on two protocols (HTTP and FTP) (Homem, Papapetrou, & Dosis, 2016), using k-Nearest Neighbours, decision trees, support vector machines, and neural networks, and comparing the accuracies of these algorithms on the available data. However, because collecting a real-world record of DNS tunneling into a single dataset for training and testing is nearly impossible, they create a dataset to address this problem. In the comparative analysis, a multi-layered neural network achieves the highest accuracy (95%), while k-Nearest Neighbours with k = 5 is the least accurate (90%).
This paper by Ikuesan and his colleagues (Ikuesan et al., 2017) brings a machine learning research area known as user attribution into digital forensics. User attribution is identifying a human user based on a specific thinking style and behavior on a digital medium; the concept has been applied to computer security, user behavior on e-commerce websites, and the internet generally. They collected and analyzed recurring patterns of 43 users over network traffic, classifying them into specific thinking styles using various machine learning algorithms; the decision tree was the most accurate for user attribution, with the lowest error rate, and a graphical model was developed with UML (Unified Modelling Language) to describe its forensic application. However, we consider the research not very elaborate, as various other parameters, such as personality traits, could also be used to identify a user on a digital medium.
In this paper, two Spanish data scientists (Antonio & José, 2016) focus on supervised machine learning for a digital forensic analysis problem. The solution addresses forensic analysis of the various categories of glass that could be found shattered or broken at a crime scene, a primary source of evidence if proper and accurate identification of the glass type is achieved. They perform a comparative analysis of several classification algorithms: decision tree, Naïve Bayes, artificial neural network, and k-Nearest Neighbours. Training and testing are done on the Glass Identification dataset from the USA Forensic Science Service, freely available in the UCI (University of California, Irvine) repository. The dataset consists of 214 labeled glass instances with 10 attributes: an ID number and chemical properties (RI (refractive index), Na, Mg, Al, Si, K, Ca, Ba, Fe). The results of the various machine learning approaches are compared by their accuracies and Cohen's kappa.
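In outline, this comparative evaluation could look like the sketch below with scikit-learn; the local file name glass.csv and the Type label column are assumptions about how the UCI data might be stored, not details from the paper.

    # Outline of the glass-classification comparison (file path/columns assumed).
    import pandas as pd
    from sklearn.model_selection import train_test_split
    from sklearn.tree import DecisionTreeClassifier
    from sklearn.naive_bayes import GaussianNB
    from sklearn.neighbors import KNeighborsClassifier
    from sklearn.metrics import accuracy_score, cohen_kappa_score

    df = pd.read_csv("glass.csv")  # UCI Glass Identification data, assumed local
    X, y = df.drop(columns=["Type"]), df["Type"]
    X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.3, random_state=0)

    # Fit each candidate classifier and report accuracy and Cohen's kappa,
    # the two metrics the reviewed paper compares.
    for name, clf in [("decision tree", DecisionTreeClassifier()),
                      ("naive Bayes", GaussianNB()),
                      ("k-NN", KNeighborsClassifier())]:
        pred = clf.fit(X_tr, y_tr).predict(X_te)
        print(name, accuracy_score(y_te, pred), cohen_kappa_score(y_te, pred))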
This paper presents a novel approach for object detection and localization in digital images for forensic crime scene investigation. Crime scene reconstruction begins with the identification of pieces of evidence at a crime scene, and this paper presents a Faster R-CNN (Region-based Convolutional Neural Network) that optimizes existing deep learning algorithms for object detection (Surajit, E., Enrique, & Laura, 2017). Faster R-CNN is a pre-trained convolutional neural network that builds a Region Proposal Network into the architecture for object detection in digital images. The convolutional neural network is a state-of-the-art machine learning algorithm for image analysis and classification; it has multiple layers, including convolutional layers, ReLU (Rectified Linear Unit) layers, pooling layers, and fully connected layers, and each layer performs specific functions on images during the training and testing of image datasets. Faster R-CNN is highly optimized and therefore very efficient for real-time object detection, taking approximately 12 ms per image (Surajit, E., Enrique, & Laura, 2017). The model presented is pre-trained on the MS-COCO dataset (3,000 images and 80 object categories, with multiple objects per image) and tested on two different test sets: ImageNet Room Objects (1,345 images with 12 object categories that can be found in a bedroom) and the Karina dataset (16 videos of 3 minutes in 7 different rooms, containing 40 categories). The model's accuracy turns out to be excellent on the ImageNet dataset but low on the Karina dataset, due to poor image quality in the videos.
This thesis report (Homem, 2016) presents an architecture for automating digital forensics in mobile and cloud environments, to ensure the soundness of digital evidence in the judicial system and reduce human intervention in the forensic investigation of such evidence. Digital forensics involves tedious processes, owing to the large number of digital devices and the volume of data available during criminal investigations; various research studies suggest ways to mitigate this problem, and the solution presented here is a technological one that automates a large part of the forensic analysis process. The report reviews various tools used in digital investigation to improve the efficiency of the process, although these tools still require human expertise, and explores four research ideologies for digital forensic automation that together form the architecture presented. The Live Evidence Information Aggregator (LEIA) architecture is a hypervisor-based, peer-to-peer distributed system with a cloud backend for digital evidence acquisition, and a prototype is developed for experimentation. The thesis also covers the semantic representation and integration of digital evidence collected during a forensic investigation in a defined manner, to reduce the time consumed. The architecture and other ideologies presented have high potential for reducing the time spent on digital forensic evidence with less human effort.
In this paper, Brown and colleagues (Brown et al., 2005) develop an image mining system to detect illicit images exhibiting criminal content for digital forensics. The model is built using a support vector machine (SVM) and a Bayesian classifier, with an image mining component that filters relevant image features according to a grammar-based query from the user. The model is trained to classify appropriate and inappropriate images (clad and nude content respectively), using a training set of 214 images in three different color spaces for the SVM. The performance is quite remarkable for its time, with a 92% true positive and a 79% true negative detection rate; incorrect classifications can be corrected and fine-tuned through the grammar-based query and feedback feature the system provides for communicating with the user. The system is considered flexible enough to be used with other machine learning classification algorithms and is envisaged to have a high degree of relevance in digital forensics.
In this paper, Francesco and his colleagues (Francesco et al., 2015) present a method to prevent counterfeit images from being detected by state-of-the-art forgery detectors, by modifying certain micro-patterns in those images. Their counter-forensics strategy defeats forgery detection techniques that rely on the statistical distribution of micro-patterns in images, distributions that are refined through high-level filtering and summarized in an image descriptor used for the final classification. The proposed statistical algorithm, a greedy sampling algorithm, is analyzed both when it has limited knowledge and when it has perfect knowledge of the features a forgery detector uses for classification (genuine or not). The experiments run the counter-forensics algorithm on 100 images, and the output images are indistinguishable to the forgery detector. The results are most remarkable when the algorithm has complete knowledge of the detector's feature extraction technique; the limited-knowledge scenario consumes more CPU time.
In this research paper, Rayson and his colleagues (Rayson et al., 2017) describe a real-time, end-to-end automatic license plate recognition (ALPR) system using the state-of-the-art YOLO convolutional neural network for object detection. They use a public dataset of 4,500 images (more than 30,000 license plate characters) to train and fine-tune the final layer of the models. The dataset was captured with 3 different cameras photographing license plates at different angles, and the dataset's size and image quality contribute largely to the accuracy achieved. The models are not created from scratch: they retrain CR-NET, YOLOv2, and Fast-YOLO, pre-trained state-of-the-art object detection models (transfer learning), and compare their results. Transfer learning involves retraining a pre-trained machine learning model on a dataset similar to the one initially used in its training stage, sometimes with fine-tuning for optimum accuracy. The research uses YOLO at all three stages of the pipeline: license plate detection, character segmentation, and character recognition of the letters and numbers contained in the license plate images, to validate the authenticity of license plates. The experimentation is done using the Darknet framework on a GPU (3,840 CUDA cores and 12 GB RAM) because of the computational power required to train YOLO on a large dataset.
However, the accuracy achieved with the developed model is 78.33%, which they describe as not satisfactory for a real-life ALPR system.
This research paper proposes a data mining technique for digital forensic investigations; data mining involves analyzing available datasets and extracting relevant information from the relationships among data items (Priyanka & Prashant, 2014). The paper presents the GSP (Generalized Sequential Pattern) algorithm, an application of sequence mining, for digital forensics. The forensic investigation is carried out on a text dataset, and the algorithm's operation is optimized by adding a statistical test analysis and the SOM (Self-Organizing Kohonen Map) classification technique. A SOM is a neural network model that maps high-dimensional input data to a lower-dimensional space, giving a more unsupervised learning sequence from the textual data used in the paper; it is used mostly for clustering and visualizing high-dimensional data. The methodology is tested on the data contained in a USB drive, and its accuracy is very impressive at 98.3%, higher than the method used for comparison in the research. The paper thereby presents a standardized approach to digital forensics using data mining techniques.
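For illustration, the sketch below clusters synthetic high-dimensional vectors with a self-organizing map using the third-party MiniSom package (pip install minisom); the grid size, vector dimensionality, and synthetic data are arbitrary choices, not the configuration used in the reviewed paper.

    # Sketch: clustering high-dimensional text vectors with a self-organizing map.
    import numpy as np
    from minisom import MiniSom

    data = np.random.rand(100, 20)  # stand-in for document feature vectors
    som = MiniSom(5, 5, 20, sigma=1.0, learning_rate=0.5)
    som.train_random(data, 500)     # unsupervised training

    # Each document maps to its best-matching unit on the 5x5 grid.
    print(som.winner(data[0]))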
This paper presents an optimized method for digital image forensics that validates the authenticity of images by recognizing the particular camera used to take each photograph (Muhammad et al., 2017). The study is motivated by the large variety of mobile phones with highly sophisticated cameras today, which makes digital forensic analysis on a single PC highly expensive in terms of time and computational power; the authors therefore present a novel approach on a distributed system using Hadoop. Hadoop, developed in Java by the Apache Software Foundation, is an open source framework that allows distributed processing of large datasets across clusters of computers using a simple programming model. They test the source camera identification methodology on 6,000 images taken by six (6) mobile phone cameras, using Hadoop for feature extraction and the Mahout random forest classifier for image classification, achieving a very efficient forensic analysis process in terms of speed and an accuracy of 85% to 95% across various mappers.
2.4 Summary of Research Findings
The review essentially explores various works in which machine learning is applied to digital forensic problems, along with the architecture of convolutional neural networks, the machine learning algorithm proposed for this research. Criminal investigation requires analysis of a large amount of mostly visual data (images and videos) for physical crimes, which can be very technical and error-prone when done manually.
Crime scene reconstruction is an aspect of forensic criminal investigation that involves predicting the actual course of a crime event; however, the concept lacks a standardized approach, as evidence patterns vary from one crime scene to another, hence the need for a machine learning model to reduce the discomfort and technicality of forensic investigations at a crime scene.
Machine learning algorithms like the R-CNN, as discussed in a research work reviewed in the previous section (Surajit et al., 2017), have played a major role in real-time object detection for crime evidence analysis, but we propose a more optimized approach using YOLOv2 to develop a mobile app with a real-time object detection feature for crime evidence analysis.
A convolutional neural network is an artificial neural network used mostly for image classification problems, as the connectivity pattern of the network is inspired by the animal visual cortex in the brain. The algorithm manipulates image pixels with matrix operations across the layers of the network. A standard convolutional neural network has six basic layers which analyse an image for final classification at the output layer (a minimal code sketch of this layer stack follows Figure 2.1 below); they include:
i. Input Layer
ii. Convolutional Layer
iii. ReLU (Rectified Linear Unit) Layer
iv. Pooling Layer
v. Fully connected layer
vi. Output Layer
Figure 2.1 Architecture of a Convolutional Neural Network
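The layer sequence above maps directly onto a small Keras model, as the sketch below shows; the input size, filter counts, and five-class output head are arbitrary illustrative choices, not the architecture trained in this project.

    # A minimal CNN mirroring the layer sequence listed above (illustrative sizes).
    import tensorflow as tf
    from tensorflow.keras import layers, models

    model = models.Sequential([
        layers.Input(shape=(64, 64, 3)),      # input layer
        layers.Conv2D(32, (3, 3)),            # convolutional layer
        layers.ReLU(),                        # ReLU layer
        layers.MaxPooling2D((2, 2)),          # pooling layer
        layers.Flatten(),
        layers.Dense(64, activation="relu"),  # fully connected layer
        layers.Dense(5, activation="softmax"),  # output layer (placeholder class count)
    ])
    model.summary()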
Convolutional neural networks (CNNs) have become a gold standard for image classification, thanks to large image datasets like ImageNet and MS COCO, which offer thousands of object classes to train on.
In recent years the number of CNN variants has kept increasing; reviewed examples include Google's Inception V3 model, R-CNN, Faster R-CNN, and YOLO.
In this research work, we retrain the YOLO detector on our custom dataset (common objects in a room) to create an object detection model useful for crime evidence analysis and crime scene recreation, and finally deploy this model in a mobile app to test it on a real-life system.
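The chapters above do not fix the mobile tooling, but one common route from a trained Keras model to an on-device detector is TensorFlow Lite conversion, sketched below with a placeholder model file name; the project's exact deployment pipeline may differ.

    # Sketch: converting a trained Keras model for mobile deployment with
    # TensorFlow Lite (one possible route, not necessarily the project's).
    import tensorflow as tf

    model = tf.keras.models.load_model("crime_scene_detector.h5")  # placeholder path
    converter = tf.lite.TFLiteConverter.from_keras_model(model)
    tflite_model = converter.convert()

    with open("crime_scene_detector.tflite", "wb") as f:
        f.write(tflite_model)  # bundle this file into the mobile app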