Forensic Science Experts for Criminal Defence Solicitors

ChatGPT’s Role in Digital Forensics

Written by: Alan Baker, 13th October 2023

In the field of digital forensics, Large Language Models (LLMs) such as ChatGPT offer a range of advantages for enhancing and expediting the investigative process.

However, as with any application of artificial intelligence (AI) within digital forensics, it is imperative to adhere to the principles of an “AI-assisted investigation” and to maintain a “human-in-the-loop” approach. This avoids excessive reliance on these systems and prevents a loss of fundamental comprehension of the evidence. In many instances involving sensitive or confidential data, it may not be feasible to employ a publicly hosted LLM, necessitating the use of a locally hosted installation.

Some of the beneficial applications of this technology include:

– Automatic script generation: LLMs prove exceptionally useful for generating scripts or programs for evidence analysis, obviating the need for manually crafting intricate scripts, queries, and regular expressions.

– Question answering: Similar to personal assistants like Siri or Alexa, LLMs can respond to plain-language questions, expediting investigations and making forensic data accessible to legal professionals without specific digital forensic expertise.

– Multilingual analysis: LLMs can search for information in the user’s native language and retrieve pertinent data, irrespective of the language in which it is written, thereby simplifying cross-linguistic cases.

– Automated sentiment analysis: LLMs can swiftly identify threatening, grooming, harassment, phishing, or hate speech communications, streamlining investigations.
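As an illustration of the first point, the snippet below shows the kind of artefact-extraction helper an LLM can draft from a plain-language request such as “find every email address and URL in this text dump”. The regular expressions are deliberately simplified examples, not forensically exhaustive patterns, and any results would still require manual verification by the investigator.

```python
import re

# Illustrative helper of the kind an LLM can draft on request.
# The patterns below are simplified examples, not exhaustive ones.
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def extract_artefacts(text):
    """Return de-duplicated email addresses and URLs found in a text dump."""
    return {
        "emails": sorted(set(EMAIL_RE.findall(text))),
        "urls": sorted(set(URL_RE.findall(text))),
    }

sample = "Contact j.doe@example.com or see https://example.com/report for details."
print(extract_artefacts(sample))
```

Even a short script like this would otherwise require an investigator to write and debug the regular expressions by hand, which is precisely the drudgery the bullet above describes.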


However, the utilisation of this technology is not without its risks, which encompass:

– Bias and errors: The reliability of AI systems hinges on the quality of the training data, and these models may lack moral or ethical judgement.

– Legal issues: The use of LLMs in investigations may face legal challenges due to the complexity of their architecture, which makes it difficult to explain precisely how a piece of incriminating evidence was identified.

– Overreliance: Easy-to-use automated systems can foster an overreliance on their usage, potentially causing investigators to overlook the need for manual investigation techniques.

– Ethical concerns: The adoption of this technology raises ethical queries regarding transparency, privacy, fairness, non-maleficence, and trust, particularly in relation to the dependence on its output and data access.

– Lack of human judgement: Pre-trained models may not possess the level of human judgement and insight required for many investigations.


Additionally, these models could potentially be exploited for various criminal activities, such as phishing, malicious code obfuscation, and hacking, discussions of which are already taking place in underground criminal forums. Users of LLMs might find themselves subject to forensic investigation, with the retention and preservation of data by service providers, including prompts, access logs, and generated responses, serving as the primary source of evidence.

With the increasing demand for digital forensic experts on a global scale, it is plausible to anticipate the emergence of an advanced digital forensic first responder model in the near future. Such a model could leverage technologies like ChatGPT to enable the natural language querying of digital evidence by individuals without specific digital forensic expertise, potentially leading to the establishment of a new career specialisation: digital forensic prompt engineers.