ChatGPT and DFIR - Belkasoft
The idea of this mini-book came about after a lively discussion in a digital
forensic community chat on the topic of ChatGPT. ChatGPT is truly
impressive—it speaks like a human and seems to have an answer to any
question you ask. It is no surprise that it is being called a “Google killer”.
Many of the community’s participants were excited about ChatGPT, and the chat
thread included a number of thoughts for this technology’s applications—both
for DFIR itself and for the dark side of things. An example of the former could
be artifact parser script generation, and of the latter, malware script creation.
[Figure: An attempt of StableDiffusion to generate a scissors kick photo. Graphic designers breathed a sigh of relief]
For example, it is inspiring to glance over code generated by ChatGPT based on a
textual specification, like this one:
However, when you read this code, you find that it is a basic snippet which does
not require in-depth software development skills. Code snippets provided by
Microsoft Visual Studio or JetBrains products are not that different.
Now, given that digital forensics is so specialized and each case is unique, requiring
a non-template, non-standard application of an expert’s in-depth technological
experience, can ChatGPT really significantly ease DFIR work?
Potential applications
A good DFIR test for ChatGPT is to ask it to write an SQLite statement to parse
Google Chrome history. The expert who suggested it said that “ChatGPT made
the correct join, but otherwise a basic statement”:
Indeed, that was a simple select which inner joined the “urls” and “visits” tables.
Though it might be a time saver for a beginner, it would save an experienced
expert just a couple of minutes.
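An added example (not part of the mini-book and not ChatGPT's output) of what an examiner typically layers on top of the basic urls/visits join: converting Chrome's timestamps to UTC, decoding how each page was reached, and resolving the referring visit. The table and column names follow the commonly documented Chrome History schema; the rows, URLs and helper names are constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# visits.visit_time counts microseconds since 1601-01-01 UTC, not the Unix epoch.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# The low byte of visits.transition is the core type (how the page was reached).
CORE_TRANSITION = {0: "LINK", 1: "TYPED", 2: "AUTO_BOOKMARK", 7: "FORM_SUBMIT", 8: "RELOAD"}

QUERY = """
SELECT v.visit_time, u.url, v.transition & 255 AS core, ref.url AS referrer
FROM visits AS v
JOIN urls AS u ON u.id = v.url                    -- the basic join from the text
LEFT JOIN visits AS pv ON pv.id = v.from_visit    -- previous visit in the chain
LEFT JOIN urls AS ref ON ref.id = pv.url
ORDER BY v.visit_time
"""

def webkit_to_utc(microseconds):
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)

def build_sample_history():
    """Constructed in-memory stand-in for a History file (column subset, made-up rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER,
                             from_visit INTEGER, transition INTEGER);
        INSERT INTO urls VALUES
            (1, 'https://www.google.com/search?q=constructed+query', 'constructed query'),
            (2, 'https://example.org/article', 'Example article');
        INSERT INTO visits VALUES
            (1, 1, 13318000000000000, 0, 805306369),  -- typed into the address bar
            (2, 2, 13318000030000000, 1, 805306368);  -- link followed from visit 1
    """)
    return db

def timeline(db):
    """Return (UTC time, URL, how it was reached, referring URL) per visit."""
    return [
        (webkit_to_utc(ts).isoformat(), url, CORE_TRANSITION.get(core, str(core)), referrer)
        for ts, url, core, referrer in db.execute(QUERY)
    ]

if __name__ == "__main__":
    for row in timeline(build_sample_history()):
        print(row)
```

On a real case, the same query would be run against a working copy of the profile's History file rather than the in-memory sample.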
Another idea was to use ChatGPT to create a social media policy. The resulting
document was characterized by an expert as “it gives you a starting point
that you can submit to the boss to show you have started to work on it :)”. As
with the SQL query idea, the work only starts with the AI’s generated result; it
does not end with it.
I may not be a grandmaster, but I have a bit of chess under my belt from my childhood
days. So, when a public group chat started comparing Google DeepMind and
ChatGPT, claiming that ChatGPT was better at chess, I couldn’t help but feel a bit
skeptical. I thought to myself, “there’s no way a language model, as advanced as it may
be, could beat me at chess.” I even went as far as to bet that it wouldn’t be able to, not
even when compared to DeepMind, which has been known to defeat world-renowned
chess players like Kasparov.
Out of curiosity, I asked ChatGPT if it could play chess, and to my surprise, it said yes.
Though, the reasoning behind it (“as a language model, I can...”) seemed a bit strange to
me. Nevertheless, I decided to give it a shot and asked if it wanted to play a game with
me.
It was me who made the first mistake, though. After e4-e5, I played Kf3, confusing the
notation (K stands for King, not Knight). ChatGPT immediately caught my mistake and
correctly pointed out that the move should have been Nf3. We opened the game with
the defense of Philidor, so I was a bit confused when ChatGPT played Bc5. I
wondered, “how can you play Bc5 if you have a pawn on d6?” ChatGPT apologized
for the confusion and explained that it could not move the pawn on d6 to play Bc5
since pawns can only move forward.
[Figure: The genius technology confused the chess rules right whilst its third move]
[Figure: The ChatGPT’s sixth move was... “0-0”!]
It was clear at this point that ChatGPT was not exactly a chess prodigy, but I
decided to see how the game would unfold. ChatGPT played Nf6 and after I played
Nc3, it played... Nf6 again! I asked, “don’t you already have N on f6 in your
previous move?” ChatGPT agreed and gave me its pawn by moving it to d5. I
captured it with my knight and got Nc6 in reply.
I played 0-0 and ChatGPT did the same. This was when things got even more
interesting. I decided not to point out an illegal move, but instead asked,
“where is your bishop?” ChatGPT replied that it had not played a bishop and
apologized twice. I asked more directly, “can you play 0-0 with the bishop on
f8?” ChatGPT replied by explaining the meaning of the “0-0” notation.
I asked again, “you have a bishop on f8, don’t you?” To my surprise, ChatGPT
replied with something completely strange: “I apologize for the confusion, as a
language model, I don’t have physical pieces to move.” I tried to explain that
I was not talking about the physical world and asked where its bishop was in our
chess game, but it kept apologizing and would not give me a straight answer.
After a dozen more questions, I finally gave up and asked ChatGPT for its next
move. It played... d5! At this point, the game had turned into a complete waste
of time, and the experiment was over.
Potential problems
As usual, any technological breakthrough can be used both for good and
for bad. While the good side of things has yet to be fully realized (how
to wisely apply the new technology?), the negative one seems to be easier
to exploit.
However, cybersecurity experts are quick to point out that automatic generation
of malware is less of a concern: “However, straight-arrow users have nothing to
fear. If bot-written code is actually used, security solutions will detect and neutralize
it as quickly and efficiently as all previous malware created by humans. What’s
more, if such code isn’t checked by an experienced programmer, the malware is
likely to contain subtle errors and logical flaws that will make it less effective. At
least for now, bots can only compete with novice virus writers.”
Another obvious problem is detecting and proving malicious searches. Traditional
Google search requests leave a footprint in the browser history, which
can be easily analyzed (see the “Case of Casey Anthony” and the “Case of Brian
Walshe”). However, ChatGPT sessions will look like this in the browser:
Now, if this search does not leave a local footprint, why wouldn’t users start searching
for illegal stuff with technologies like ChatGPT? One can argue that these technologies
have built-in protection against potentially criminal applications. While
this is true, we have already heard of one-step workarounds, where the person
asking simply frames their prompt as “a fiction book plot”, “a computer gameplay”
or “a movie scenario”.
The experts are worried: “Once these AI solutions start replacing traditional
search engines, how will that affect our browser analysis?” At this moment it
looks like one has to monitor and decrypt network traffic to figure out such search
requests. The experts also warn: “Most of the expected use of these tools will be
through an API, which will be a little more difficult to track.”
The author of this text believes that ChatGPT by itself is not scary as of now. However,
coupled with the deepfake technologies made much more available these
days, as well as text to audio generators, and ChatGPT language capabilities, it can
be a dangerous combination. This blend could make mass targeted attacks, previously
only viable against high-profile individuals, cheap and potentially aimed at
much larger volumes of potential victims. This may include both phishing attacks
and attacks against children, which can also be leveraged by AI. In short, it is a
double-edged sword that we need to handle with care.
ChatGPT, the language model developed by OpenAI, has been touted as a
game-changer in the field of digital forensics. Some experts have claimed
that it can be used to analyze large amounts of data and uncover hidden
patterns that would be impossible for humans to find. However, not everyone is
convinced of its capabilities. In this article, we took a look at the use of ChatGPT
in digital forensics and examined whether it is truly capable of revolutionizing the
field.
One of the main arguments in favor of using ChatGPT in digital forensics is that
it can quickly analyze large amounts of data. However, it’s important to remember
that the model is only as good as the data it is trained on. If the training data is
biased or incomplete, the model’s results will also be biased or incomplete. Additionally,
the model’s ability to process large amounts of data is only as good as the
computer it’s running on.
Perhaps the biggest concern with using ChatGPT in digital forensics is the potential
for bias. Language models like ChatGPT are only as unbiased as the data
they are trained on. If the training data is biased, the model will also be biased.
Additionally, the model’s ability to understand and interpret text is limited by the
language it was trained on. If the data being analyzed is in a different language, the
model will struggle to understand it.
Needless to say, the conclusion 1 was written entirely by ChatGPT. The first
reader to guess the prompt will get a full Belkasoft X license for free.