PORTABLE FORENSIC ANALYSIS TOOL FOR COLLECTING ARTIFACTS FROM BROWSERS AND USB (PFAT)
Keywords:
PORTABLE FORENSIC ANALYSIS, TOOL FOR COLLECTING, ARTIFACTS FROM BROWSERS, AND USB (PFAT)
Abstract
As digital evidence obtained from USB devices and web browsers becomes more complex, traditional forensic tools increasingly have difficulty processing large and diverse sets of data. This research introduces the Portable Forensic Analysis Tool (PFAT), a lightweight, cross-platform solution for automated artifact extraction, classification, and reporting. PFAT is compatible with the major web browsers (Chrome, Firefox, and Edge) as well as with USB metadata, file logs, and logs of users’ actions. PFAT uses Random Forest and Support Vector Machines to examine user activities for possible irregularities. PFAT achieved classification performance on par with 94% on benchmarks and outperformed Autopsy and FTK Imager in both speed and artifact coverage. PFAT’s timeline-generation and visual-reporting capabilities increase investigative transparency and reduce investigators’ workload. The approach illustrates remarkable improvements in forensic efficiency, with broad potential for application in the field, in law enforcement, and in cases where quick triage is required.
Index Terms—Digital Forensics, USB Devices, Browser Artifacts, PFAT, Machine Learning, Anomaly Detection, Forensic Automation, Visual Reporting.