Result: Enhancing Digital Forensics Investigations Using AI Driven Anomaly Detection and Log Correlation: A Mixed Methods Approach

Title:
Enhancing Digital Forensics Investigations Using AI Driven Anomaly Detection and Log Correlation: A Mixed Methods Approach
Authors:
Source:
International Journal of Future Engineering Innovations. 2:71-84
Publisher Information:
Anfo Publication House, 2025.
Publication Year:
2025
Document Type:
Journal Article
ISSN:
3049-1215
DOI:
10.54660/ijfei.2025.2.4.71-84
Accession Number:
edsair.doi...........58f6d2eb25f78739227bcf3bed869894
Database:
OpenAIRE

Further Information

Traditional digital forensics investigations have faced persistent challenges related to the increasing volume, complexity, and latency of log data, limiting timely detection and accurate incident reconstruction. In response, artificial intelligence (AI) and log correlation have emerged as promising solutions to automate anomaly detection and synthesize cross-source evidence. This study aimed to evaluate how AI-driven anomaly detection and automated log correlation can enhance digital forensic investigations by improving the speed, accuracy, and contextual relevance of findings. A mixed-methods research design was employed, combining quantitative analysis of AI models such as autoencoders, Long Short-Term Memory (LSTM) networks, Isolation Forest, and Random Forest with qualitative insights from expert interviews and incident response case studies. Tools including the ELK Stack, Splunk, and Python-based machine learning libraries supported the technical implementation. The results showed that Random Forest and LSTM models achieved high accuracy and F1 scores, while log correlation techniques demonstrated over 90% effectiveness in reconstructing incident timelines. Expert feedback affirmed the value of automated triage and visualized evidence but highlighted concerns around model explainability and the need for context-aware AI. Convergence was observed between model performance and practitioner trust in interpretable outputs, while divergence appeared around black-box models. The study contributes to advancing forensic automation by integrating robust AI techniques with human-centered design and emphasizes the importance of ethical and standardized deployment in practice. These findings offer practical implications for digital forensic professionals, inform cybersecurity policy, and guide future research on explainable and scalable AI forensics systems.