

What does all this AI mean for forensics, and should we be afraid to embrace AI-assistance when it comes to mobile device forensics?

If you aren’t embracing AI in some way, shape, or form, you are behind the curve. Even those who have purposely avoided AI may be shocked to realize that as smartphone owners, they’ve been utilizing the technology for years. Since the first big AI-focused software rollout by the two major mobile operating system vendors in 2024 (with the release of iOS 18 and Android 15), we are continuing to see these platforms evolve to make our devices operate in ways that are uniquely configured to our wants and needs based on learned patterns and behaviors. So, what does all this AI mean for forensics, and should we be afraid to embrace AI assistance when it comes to mobile device forensics?
One increasingly common ask for digital forensic examiners is to clearly differentiate generative AI-created/altered images and content. With AI image generators making up thousands of the applications in Apple’s App Store and the Google Play store, and with hundreds of new such applications being added every day, this is a daunting task for investigators. Even maintaining the most basic level of familiarity with application features requires daily research on the part of the examiner. We often rely on robust operating system logs to provide the answers, and fortunately we are starting to reap the benefits of these forensic artifacts when it comes to tackling this generative AI dilemma. The level of tracking is still imperfect, with many images not being flagged as AI-generated, but we are hopeful that the logs maintained by the operating system will become a better source of truth in our quest to identify real versus AI-generated files.

The latest update to FOR585: Smartphone Forensic Analysis In-Depth tackles this scenario head-on. We investigate a myriad of forensic tool suites, open-source tooling, and processes aimed at correctly identifying images generated or altered by generative AI. What we find is that no solution is perfect, not even the files logging these artifacts at the OS level, but by combining a multitude of techniques, we are better equipped to make the distinction.

This brings us to the controversial topic of using AI to assist in forensic analysis. A new module and hands-on lab exercise outline the ethical and safe uses of AI to assist in forensic analysis and discovery. We discuss public and private solutions and how to utilize each in ways that supplement your analysis. Our roles as examiners will not be replaced by AI, but what we should aim to do is utilize advancements in technology in a safe way to expedite our analysis. This could include consolidating notes and organizing findings, helping with report writing, and generating source code for specific tasks. A new hands-on exercise combines your mobile forensic knowledge of application data with AI assistance in source code generation to create working scripts to quickly parse pertinent information, all without disclosing any sensitive information on public-facing systems.

We can’t let our reluctance to adopt AI hinder our digital examinations. Safe, ethical use of the technology enhances our existing processes, expedites the time to evidence, and frees up examiners to solve more cases and tackle the growing backlog.


Domenica brings 20 years of mobile forensics experience supporting U.S. federal law enforcement and intelligence agencies while leading global training programs for elite investigative units including FBI and military special operations forces.
Read more about Domenica (Lee) Crognale