SN Computer Science (2023) 4:186

https://doi.org/10.1007/s42979-022-01599-8

REVIEW ARTICLE

An Insightful Analysis of Digital Forensics Effects on Networks

and Multimedia Applications
Aishwarya Rajeev1,2 · P. Raviraj3

Received: 7 October 2022 / Accepted: 17 December 2022 / Published online: 31 January 2023
© The Author(s), under exclusive licence to Springer Nature Singapore Pte Ltd 2023

Abstract
Humans have benefited greatly from technology, which has helped to raise standards of living and make important discov-
eries. But there are a lot of hazards associated with using it. The prevalence of digital video through mobile smartphone
applications like WhatsApp and YouTube as well as web-based multimedia platforms are likewise gaining in importance as
crucial. But there are also global security issues that are arising. These difficulties could cause significant issues, especially
in cases where multimedia is a crucial factor in criminal decision-making, such as in child pornography and movie piracy.
Consequently, copyright protection and video authentication are required in order to strengthen the reliability of using digi-
tal video in daily life. A tampered film may contain the relevant evidence in a legal dispute to convict someone of a violation
or clear a guilty party of wrongdoing. Hence, to develop it is crucial to have reliable forensic techniques that would enhance
the justice administration systems and enable them to reach just verdicts. This article discusses numerous forensic analysis
fields, including network forensics, audio forensics, and video forensics. In this study, many algorithms such as Random
Forest, Multilayer Perceptron (MLP), and Convolutional Recurrent Neural Networks (CRNN) are used for implementing
different types of forensic analysis. Also, image fusion is used which can provide more information than a single image and
extract features from the original images. This study came to the conclusion that the random forest provides the finest results
for network forensic analysis with an accuracy of 98.02 percent. A lot of work has been done during the past years, through
an analysis of current methods and machine learning strategies in the field of video source authentication and the study aims
to provide a thorough summary of that work.

Keywords Web-based multimedia platforms · Copyright protection · Image fusion · Machine learning strategies

Introduction

Using scientific methods or skills to look into crimes or

evaluate evidence that might be used in court is known as
This article is part of the topical collection “Advances in forensic science. Making sure that digital content is correct
Computational Intelligence for Artificial Intelligence, Machine and legitimate is the goal of the forensic science subfield
Learning, Internet of Things and Data Analytics” guest edited by S. known as “digital media forensics.” To detect modifications
Meenakshi Sundaram, Young Lee and Gururaj K S.
and forgeries thereby attesting to the legitimacy and reli-
* Aishwarya Rajeev ability of the digitalized data with the origin of the data, it
aishwaryarajeev@gmail.com primarily emphasizes scrutinizing the data. Cybercrime is
P. Raviraj a type of digital crime with social motivations that uses the
raviraj@gsss.edu.in internet as a tool [3]. Over a few decades, the diverse field of
cybercrime has expanded from straight- forward credential
1
GSSSIETW, Affiliated to VTU Belagavi, Mysuru, threats to geopolitical crime. Forensics is a well-organized,
Karnataka, India
analytically effective form of investigation for tackling
2
Department of CSE, CIT, Affiliated to VTU Belagavi, cybercrime. The three fundamental components of general-
Ponnampet, Karnataka, India
ized cyber forensics for network environments are taking a
3
GSSSIETW, Affiliated to VTU Belagavi, Mysuru, Karnataka,
India

SN Computer Science
Vol.:(0123456789)
186 Page 2 of 8
look at the facts, addressing the evidence, and assembling
the evidence.
The elicitation, preservation, and identification of confis-
cated materials are part of the collecting phase. Analyzing,
interpreting, and validating the evidence items are all part
of the examination step. Additionally, the handling phase
includes recording and presenting evidence in a way that is
acceptable to a court of law. In a cloud platform, there are
ways to identify ICMP attacks, TCP Sync attacks, or UDP
attacks as well as recommended techniques for gathering and
separation. These approaches allow for the limited examina-
tion of the indication discovered both inside as well as out-
side. In order to speed up the processing of the digital record
of suspected cloud infrastructure, it is mentioned to look at
the TCP or UDP Sync Attack and also ICMP Attack, with
the data on detection in locations where vital evidentiary
information would probably be there. Due to the extraordi-
nary recent spread of smart devices like mobile phones and
advancements in numerous technologies, digital multimedia
is evolving into an indispensable and integral element of
our existence within our society’s fabric (such as mobile,
wireless networks, etc.). For instance, when counterfeit and
fraudulent multimedia is accepted as evidence, it may have
an effect on court rulings. The authenticity of electronic
multimedia like images, audio, and video has become harder
to verify due to continual advancements in theft forgeries.
Although a picture and video quality have improved some-
what, authentication of digital audio is in its early stages. The
examination and inspection of audio to establish its valid-
ity are part of digital authentication and forensics, which
have many applications (i.e., detect forgeries, if any). For
instance, it is possible to playback or alter a voice recording
made by an authorized user in order to acquire confiden-
tial information. Additionally, it can be applied for copy-
right purposes, such as spotting bogus MP3 music. Some
of the techniques used in audio forensics include Extreme
Gradient Boosting (XGB), K-Nearest Neighbor Algorithm
(KNN), Support Vector Machine (SVM), Random Forest
(RF), Logistic Regression (LR), and Multilayer Percep-
tron (MLP). Due to recent technological developments, the
amount of digital media material on the internet has almost
doubled. People may now capture and save every element
of their lives as multimedia content due to the increase in
the use of smartphones. In addition, the number of surveil-
lance cameras used to monitor offices, streets, and traffic
has grown. Due to the exponential growth of multimedia
data, it is now essential to manage and fully utilize a variety
of approaches for data analysis. The challenge of identify-
ing patterns in data that deviate from expected behavior
is referred to as anomaly detection. Assessing the audio’s
consistency, establishing a recording device's position, and
identifying the audio speakers are just a few of the numerous
activities that make up digital audio forensics. While several
SN Computer Science
SN Computer Science (2023) 4:186
forensic methods have been developed for use with digital
images, there has not been much study on how to use videos
for the same purposes. Even though Ada Boost and Decision
Tree provide excellent models, a random forest provides pre-
dictions with more accuracy. According to recent research,
video identification [14] is more difficult than the methods
that aid in the identification of an image’s origin. Algorithms
for using video tracking recognize and classify various sen-
sor forms from audiovisual footage taken by digital cameras.
Movies recorded on devices on the go are not immune to
these types of attacks due to the practice of disseminating
these types of data through storage devices, social media,
and by losing these mobile devices. The chances that these
films being altered by cybercriminals and used as digital
evidence in procedural settings have increased recently. In
order to effectively combat crime, it is necessary to develop
trustworthy and scalable forensic techniques. Although the
random forest builds models using numerous decision trees,
it is much more efficient than decision trees or any other
category model. Nave Bayes performed the lowest among
minority groups, while MLP produced great precision and
retrieval outcomes. Multilayer Perceptron’s (MLP) overall
accuracy was 98.63 percent, Random Forest's accuracy was
98.02 percent, and Naive Bayes’ accuracy was 96.91 percent.
Cybercrime in Different Fields
Cybercrime is on the rise, both technologically and psycho-
logically, and there are more methods to stop it. Despite
the research scholar’s hard work, they come up with ways
to defend against them, but the list of zero-day attacks [15]
still holds true. In [8] Flexible feature selection (based on
machine learning) and a scalable and adaptable framework
for analysis were included for the purpose of identifying
fraudulent traffic. A method for managing massive data in
real-time, including feature extraction and data cleaning
from seized and confiscated evidence items, was also intro-
duced. Finally, a machine learning model was developed
using durable documented proof, evaluated, and contrasted
in order to update artificial intelligence data and automate
the suggested strategy. The correctness of a model is crucial
for forensic purposes, because it will be used as evidence in
court to determine the appropriate verdict. It is the respon-
sibility of professionals in the field of forensic analysis to
guarantee the reliability of the evidence generated. The
paper [11] discussed the requirements and difficulties of
using machine learning for digital forensics on the cloud.
In addition to its expanding application, it is employed in
a number of criminal activities. Due to escalating risks and
constraints, cloud service digital forensic assessments can-
not be done using the forensics techniques today. Although a
lot of data can be collected as proof, it is difficult to integrate
SN Computer Science (2023) 4:186
everything on one platform. To address these constantly
evolving problems, fresh forensic approaches are required.
Consequently, there was a framework developed for cloud-
based universal digital forensics. Additionally, offered
techniques for dead and live forensic collection and analy-
sis inside and outside of the TCP and UDP Sync Attack,
and ICMP Attack as well as developing a forensic digital
inspection for the incomplete analysis in cloud computing
systems highlighting specifically the issues that a digital
forensic investigator would experience while conducting an
examination in a cloud computing setting (Fig. 1).
Review of Various Forensic Analysis
The study [2] presented three human psychoacoustic prin-
ciples for a solution for autonomous audio authentication.
These ideas are used for real and false audio in order to get
the vectors of features. Automated verification is then carried
out utilizing the GMM. The suggested approach offers 100%
accuracy in identifying fake audio and video in both chan-
nels. Despite the differing recording locations, the recording
microphone is the same for both channels. The three differ-
ent ecosystems are classified with 99% accuracy, in addi-
tion. The audio text is crucial in automated systems which
are built on supervised learning. The proposed method is
therefore assessed according to both text-dependent and text-
independent criteria. A maximum accuracy rate is the great-
est possible. The system is trained and evaluated on different
speakers during each trial (i.e., it is speaker-independent),
and the outcomes are consistently precise, dependable, and
pointedly better than judgmental assessment. The reduced
subjective evaluation accuracy demonstrates that the fabri-
cated audios are produced with such advanced technology
that human judges are unable to recognize the fraud. Tech-
niques to analyze the data are required as the rate of multi-
media output accelerates. The ability to spot abnormalities
can be a crucial tool for sustaining both public and private
assets and improving individual security. The study [12] per-
formed trials employing a variety of audio data attributes in
Fig. 1  Cyber attacks increased 50% year over year
Page 3 of 8 186
order to find anomalies in the audio data. The chosen feature
set is used with several machine learning methods to find 7
distinct anomalous events in 15 distinct environments. The
method consistently outperformed state-of-the-art research,
according to experiments, with the aim of spotting anoma-
lies in audio data. As shown in the research [10], it is pos-
sible to successfully train deep neural convolutional neural
networks and spectrograms to categorize environments and
record apparatuses in spoken sound. The MP3 recordings
from the dataset contained spectrograms that were extracted
and sent as 2D images to the CRNN models. The selected
dataset consists of three types of environments with vary-
ing levels of noise and four different procurement equip-
ment consisting of varying levels of quality. The impact of
ambient noise, sound slice, speaker gender, and acquisition
device quality in the location and microphone categories
were investigated through a number of tests. The findings
demonstrated that gender had a variable impact depending
on the classification task. While male speakers’ accuracy in
the microphone classification was marginally higher than
that of female speakers in the environment classification, in
comparison to voiced phonemes, unvoiced phonemes pro-
duced outstanding outcomes in a shorter amount of time.
The outcomes also demonstrated that performance was
not significantly enhanced by employing a complete audio
source. In spite of background noise or poor recording qual-
ity hence, the proposed CNN and CRNN models generated
reliable and excellent outcomes. In terms of classification
of the environment and microphone, CRNN did better than
CNN overall. A recent study [13] has shown that in order
to keep up with the growth of imaging devices, it is neces-
sary to either invent new approaches or make improvements
to existing ones. Concurrently, creating new databases for
use with modern hardware is crucial. In reality, finding the
origin of video devices in a huge dataset is very much more
difficult than typical categorization. The study of new data-
bases revealed that both situations may use improvement,
although ISCI systems had greater space for growth.
Using Deep Learning
Focus should be placed on deep learning's independence
from the video scene's content, and current breakthroughs
in the field of deep learning [4] can also be taken into
account (that is, distinguishing content from the noise).
Combining the approaches and making use of both PRNU
and machine learning techniques may also aid to enhance
results (for instance, employing loss functions that may be
PRNU-based). It can be useful to supply models which are
pre-trained based on both previous and current datasets by
using recent deep-learning techniques in order to improve
outcomes. The article [9] presents a cutting-edge forensic
method for spotting post-processing on digital videos based
SN Computer Science
186 Page 4 of 8 SN Computer Science (2023) 4:186

on an examination of the multimedia container’s structure. Input: < k1; v1 > ⇒ map ⇒ < k2;
The method specifically enables the recognition of the most
v2 > ⇒ ‖combiner‖ < k2; v2 > ⇒ (1)
widely used instant messaging and social networking sites
nowadays. Additionally, it recognizes programs used to reduce ⇒ < k3; v3 > : Output
modify videos in specialized or non-specialist ways [7].
The highlighted extraction model was finalized using the
The suggested model successfully categorizes 12 social
three evaluated database architectures on a Hadoop cluster.
platforms in the experiment of social network detection
Technologies like intrusion detection systems and firewalls
with a success rate of 100%. In summary, the dataset used
have been added to deal with network threats. However,
is complete and more reliable because it consists of several
there are several disadvantages to these tactics when it
films from a variety of sources (social media sites and edit-
comes to network attacks. Recognition of executable data
ing software). Second, compared to other tools on the mar-
in network forensics is also important. Generally speak-
ket, the atom extraction technique extracts more data from
ing, network data containing executable content denotes an
the multimedia container. Furthermore, the structure of the
assault. Determining executable network traffic material is
data export technique makes analysis easier. The extraction
a difficult task, though. One of the main criteria for select-
technique takes into account the handling of information
ing executable content is precision. Here, employ MLP as a
in tiny particles which are incorrectly structured or include
technique for developing practical vectors which are capa-
errors, as well as particles that are not even mentioned in the
ble of recognizing workable data with an extent of fewer
specification of units of multimedia. The other tools do not
than one thousand five hundred bytes, which is typically the
account for this. The extraction technique also works with
MTU, or maximum transmission unit, of a data packet that
videos in the 3GP, MOV, and MP4 formats. The method
can be delivered. Additional false alarms hinder forensics
relies mostly upon supervised machine learning methods to
network-programmed investigative efforts or lower detec-
use the multimedia container structure. None of the studies
tion rates (more than 99 percent efficacy in detection). These
in the literature have employed this combination up to this
function vectors, however, do not take into account the byte
point. Last but not least, the results obtained outperform
order of the data fragment. Therefore, these vectors for data
those suggested in the literature in terms of editing software
chunks with low and extreme entropy are non-very accurate.
identification, apps for instant messaging, and online com-
The “forensic network” is a significant development in net-
munities. Additionally, using the computational expense of
work security. There are various stages in network forensics.
every step in the technique has been greatly decreased.
Each action has a distinct and important goal. The forensics
network assists with more than just the source attack. Attack
Feature Extraction
detection plays a key role in the network of forensics' effec-
tiveness. Two crucial parameters are a low positive false
Any relational database's huge data is primarily imported
recognition accuracy and a high specific prediction rate.
into the Apache Hive data warehouse database using Apache
Deep learning-based digital forensics using the proposed
Sqoop, and the important features of the network traffic are
fusion technique [1] is employed. The FFNN’s MLP varia-
extracted using the Hive query language (HQL). The abil-
tion is the most well known. MLP only permits one way of
ity to import data in accordance with the columns of a data
data flow, from input through processing, to output. There is
file (a CSV file) as well as the construction of the table is
no acknowledgment or feedback; rather, inputs and outputs
another feature offered by Sqoop. The context of the Hadoop
are combined using simple networks. The MLP architec-
cluster and its modules are used by Sqoop and Hive tools,
ture defines a broad pattern of neural links in various layers.
which are used for ‘Big Data’ ETL (extraction, transforma-
Inputs, caches, and outputs are the three layers that make up
tion, and loading) processes, to convert instructions and
the architecture. In an end-to-end layer, there are two con-
questions into MapReduce code. In addition, programmers
nected nodes. MLP is still completely related, too. There is
can use these tools to add their functions or queries to typi-
a limited algorithm-based weight for each association.
cal Java or Python MapReduce programs. Apache Sqoop is
compatible with MySQL and other relational databases in
Processing
addition to CSV import. Internally, HQL’s “group by the
clause” clause for features extraction uses the MapReduce
In order to make the automatic audio authentication sys-
algorithm for increased performance. The Mapper module is
tem resistant to text and speakers, the system is tested
responsible for shuffling mapping, sorting, and tokenizing,
and assessed using a set of speakers and a set of recog-
the module of Reducer, which is shown in Eq. 1, is in charge
nizable text. The cross-validation method is also used to
of locating and decreasing the key-value pair by employing
evaluate the system by utilizing every recording of the
its values hash.
fabricated catalog. The components extracted are the three

SN Computer Science
SN Computer Science (2023) 4:186
principles of the human hearing system which go into the
GMM to verify the audio authentication and classify the
situation. The suggested authentication system’s resistance
to recorded text is assessed using two different types of
experiments: text-independent trials and text-dependent
confirmation. Each experiment similarly includes a dif-
ferent set of speakers that are used to train and test the
system. This indicates that the technology can verify an
unauthorized person’s audio. This shows that the system
can authenticate an illegal user's audio. The suggested
system is additionally cross-validated using k-folds cross-
validation for each sample to weed out bias in the test sets
and information training. The original and fake audio’s
entire data set is split into k-disjoint subgroups for k-folds
cross-validation. Each time a subset is tested, the leftover
k-1 subsets are used for training. In order to derive useful
insights from audio, the data analysis entailed visualizing
the audio waveform and spectrogram. The MFCC, spectral
roll-off, zero crossing rate, spectral bandwidth, spectral
contrast, and spectral centroid characteristics are all used
together by the feature extraction methods. Before training
the classifiers in any machine learning model, pre-process-
ing is important to get outstanding performance. Because
of this, before audio data are given for additional analysis,
a number of pre-processing steps must be conducted. The
first phase, known as data framing, comprises the audio
data being transformed into a device format and collect-
ing values subsequently within a predetermined amount of
period. The pace at which voice data is sampled is known
as the sampling rate which will take values out of a 10-s
audio recording once every second. This frame rate for
sampling reflects a sound file's frame values that are con-
tained in one second, and it determines the total frame
numbers by dividing the frame rate of sampling by the
length of the audio file, as explained in Eq. 2.
Total Frame = Sampling Rate*Time (2)
A feature extraction technique is the MFCC. The most
often used MFCC capabilities in sound processing are
those for voice recognition. Anomalies are discovered
using the MFCC. Following the preparation of abnormal
audio signs, each frame of the audio waveform for each
signal will have the MFCC vector retrieved as a vector
group. Group of Pictures (GOP) in video forensics refers
to I, P, and B frames as intra-coded and coded images
which are both predictive and bi-predictive, one-to-one, in
the coding schemes as H.264 and MPEG series. Despite
the fact that recent codecs are based on “instantaneous
decoder refresh (IDR) frames”, all examined approaches
utilized frames to detect the source camera. Along with the
accuracy of the PCE and NCC values, can also consider
the true positive rate (TPR) and false positive rate (FPR).
Page 5 of 8 186
The area under the curve can also be determined using
receiver operating characteristic (ROC) curves (AUC).
The internal structure of the multimedia containers serves
as the primary tool for putting the suggested technique into
practice. To this, one may add the successful implementa-
tion of several algorithms in supervised machine learning.
Therefore, recommend a procedure having three different
steps. (1) Dataset groundwork entails producing, gather-
ing, and disseminating videos using 10 SN and 3 IMA. (2)
Construct a machine learning prototype employing two
categories of sub-processes by manipulating films with
five EP. (3) Data extraction: This stage requires using an
atom extraction technique. The utmost competent model
will be selected as the ultimate model to handle the full
dataset aimed at its eventual disposition. The effectiveness
of the chosen model is evaluated using a dataset other than
the training data. The atom extraction algorithm is used to
extract features, which is followed by pre-processing. The
outcome enters the prediction stage to pinpoint the social
network and video editing tools that were used to tamper
with the videos. Prior to training and testing, organize and
prepare the video dataset. After that, Algorithm 2 is used
to retrieve the structure of the multimedia containers. The
data are then ready for analysis using algorithm 3. Algo-
rithm 4 is used to build the machine learning model dur-
ing training, and during testing, the model created during
training is used to carry out the classification.
Review of Algorithms Used
(a) In Network Forensic Analysis
The machine learning module's main goal is to present a
useful model that, after being trained for network malware
analysis [5], performs equally well for malware reporting.
Although the random forest builds models using numerous
decision trees, it is much more efficient than decision trees
or any other category model. The removal of the simple
decision tree model's poor prediction accuracy was the
cause. The supervised learning replicas chosen meant for
the inquiry remained Neural Net. AdaBoost, Support Vector
Machine (SVM), Random Forest, and Decision Tree. This
model was verified using the sample from a recorded stream
of traffic, and these results were validated and discussed
using the CAIDA dataset. Such a design was then made
final for the forensic framework. Following that, authors [2]
evaluated several statistical metrics to demonstrate the relia-
bility and efficiency of machine learning models for big data
analysis and to support the use of the random forest which
is considered the most effective method to analyze network
traffic in order to find spyware. Even though Ada Boost and
Decision Tree provide excellent models, a random forest
SN Computer Science
186 Page 6 of 8
provides predictions with more accuracy. The random forest
provides the finest results for network forensic analysis. It is
possible to employ the proposed fusion technique (based on
deep learning for digital forensics). The most well-known
FFN variation is the MLP. MLP has been effectively used in
many applications, including regression, classification, and
time series prediction issues, by utilizing a straightforward
auto-regression model. Multilayer Perceptron’s (MLP) over-
all accuracy was 98.63 percent, Random Forest’s accuracy
was 98.02 percent, and Naive Bayes’ accuracy was 96.91
percent. Nave Bayes performed the lowest among minority
groups, while MLP produced great precision and retrieval
outcomes.
(b) In Audio Forensic Analysis
Through the use of the automatic authentication system,
automatic audio authentication is performed. Numerous
tests are run while accounting for different eventualities in
order to evaluate how well the suggested solution works.
Experimental data are categorized into three main groups.
The first category includes all genuine and fake audio from
both channels. The second group of environments is cat-
egorized using this method. The third type of authentica-
tion involves text-based verification. These trials employ
different speakers while still using the same text’s audio for
training and evaluating the suggested system. The speak-
ers that were employed throughout the system training do
not utilize in the validation phase. The structure compares
the audio to acoustic models made using various Gauss-
ian mixes in order to verify the same. The phony audio is
made with great care, thereby rendering it unbearable for a
judge to determine whether it is legitimate or forged. The
particular evaluation’s finest result for accuracy is around
55% in audio verification. Such exactness demonstrates that
the audio generated is of the highest quality and cannot be
evaluated by hearing or seeing.
The automatic audio authentication method under con-
sideration has a 45% accuracy rate, which is higher than the
best human judge. In order to discover anomalies, catego-
rize unexpected incidences, and evaluate their effectiveness,
computational techniques are applied. These techniques
include Extreme Gradient Boosting (XGB), K-Nearest
Neighbor Algorithm (KNN), Support Vector Machine
(SVM), Random Forest (RF), Logistic Regression (LR),
and Multilayer Perceptron (MLP). The anomaly detection
and classification algorithm, which offers a general system,
can be employed by enlarging the dataset of an uncommon
occurrence in actual audio. Event identification and categori-
zation are problematic since the unique dataset contains loud
noises, making it harder in some circumstances to recognize
events. It is clear from the baseline approach that the CAE
and Wave Net models perform very differently in various
SN Computer Science
SN Computer Science (2023) 4:186
acoustic contexts, illustrating how different acoustic envi-
ronments can drastically affect the models’ ability to detect
anomalies. “With a score of 27 on the datasets for the beach,
forest walks, and home environment, the suggested approach
[10]” had the largest AUC gain and delivered superior results
for the other classes. When employing CRNN and CNN for
automatic verification, the spectrogram was the only charac-
teristic employed. The gender of the speaker has an impact
on the system's accuracy along with the impact of using
both voiced and unvoiced phonemes. Various scenarios
also show the different types of settings and microphones.
These results were obtained by the proposed options in over
10 runs at each operation with similar process parameters
in order to achieve the highest possible levels of accuracy
employing the defined system and features (Fig. 2).
(c) In Video Forensic Analysis
The resolution of tasks in all fields has recently benefited
significantly from machine learning (ML), especially in the
forensic science and industrial sectors. Machine learning
(ML), a method for automatic data analysis and the devel-
opment of analytical frameworks, is a methodology that
combines four categories of approaches: supervised learn-
ing, semi-supervised learning, reinforcement learning, and
unsupervised learning. The video dataset should first be pre-
pared and organized for training and testing. An algorithm
is then used to extract the multimedia containers' structure.
The data is prepared in the end. The machine learning model
is created during the training phase, and the classification is
carried out utilizing the model during the testing phase. The
preparation of the dataset is a crucial step, because it affects
the caliber of the desired results. Only a few files include
original videos, videos that have been posted on social
media, and videos that have been altered by EP for forensic
purposes. The 4258 social media videos shared on 13 dif-
ferent platforms were compiled in [13]. All social networks,
Fig. 2  Comparing methods of text classification
SN Computer Science (2023) 4:186 Page 7 of 8 186

Table 1  Performance of ML algorithms/ models in selected studies

Area of application ML algorithms/models applied Best performing References

algorithm/model

Network forensic analysis Neural Net, AdaBoost, Support Vector Machine (SVM), Random Forest, Decision Random Forest [2]
Tree
Audio forensic analysis Gaussian Mixture Model (GMM), Extreme Gradient Boosting (XGB), K-Nearest CRNN [10]
Neighbor Algorithm (KNN), Support Vector Machine (SVM), Random Forest
(RF), Logistic Regression (LR), Multilayer Perceptron (MLP), Convolutional
Recurrent Neural Network (CRNN)
Video forensic analysis K-Means, Pattern Recognition algorithm, Deep Learning algorithm Deep Learning [6]

Table 2  Comparison of various algorithms

Algorithm Feature Used for Accuracy (%)

Random Forest Classification and regression Network analysis 98.92

Fusion algorithm Combine multiple input images into a single composite Multimedia analysis 91.66
image
MLP Classification, regression, time series prediction Network analysis 98.63
CRNN Has CNN been followed by RNN Audio analysis, video analysis 89

with the exception of TikTok and Snapchat, where videos
could only be downloaded and their source was unknown,
had their configurations for downloading and streaming vid-
eos in place. Based upon an analysis of the multimedia con-
tainer's structure, the work can identify digital videos that
have been post-processed. The method specifically enables
the detection of the most widely used social networks and
instant messaging programs today. The experiment for the
monitoring of social networks successfully categorizes 12
social sites with an outcome of 100% and can recognize
applications used to modify videos in such a particular or
general way. Also, a deep-learning-based tracking algorithm
is proposed to facilitate video forensic investigation which
can easily detect and distinguish suspected culprits and
devices from videos (Tables 1 and 2).
Conclusion
find different anomalous events. In the paper, numerous
techniques for network forensics, audio forensics, and video
forensics were evaluated with the algorithms. It was found
that Random Forest and MLP have more accuracy compared
to other algorithms in digital forensics. In this review, the
well-researched subject of digital camera identification on
video was looked at, and a summary of the definitions and
difficulties in this area of study was given. The advancement
of this work must be geared toward examining and broaden-
ing the forensic paradigm.
Funding This article has not received any funding.
Declarations
Conflict of interest It is stated by the authors that they have no conflict-
ing interest.

The correctness of a model is crucial for forensic purposes,

because it will be used as evidence in court to determine
the appropriate verdict. It is the responsibility of experts to
ensure that the evidence produced is valid in their capac-
ity as forensic analysts. Before submitting the evidence for
further inquiry, to determine the validity and dependability
of the evidence, the study recommended using a confirmed
and compared technique. In turn, how well the evidence is
gathered and transformed determines how well the extrac-
tion of features process works. The difficulties and necessi-
ties of executing digital forensics with machine learning in
numerous sectors were covered in this study. On the chosen
feature set, several machine learning methods are used to
References
1. Wen CY, Chen JK. Multi-resolution image fusion tech-
nique and its application to forensic science. Forensic Sci Int.
2004;140:217–32.
2. Ali Z, Imran M, Alsulaiman M. An automatic digital audio
authentication/forensics system. IEEE Access. 2017. https://​doi.​
org/​10.​1109/​ACCESS.​2017.​26726​81.
3. Gangwar A, Fidalgo E, Alegre E, Gonzáles V. Castro, pornogra-
phy and child sexual abuse detection in image and video: a com-
parative evaluation, Proceedings of the 8th International Con-
ference on Imaging for Crime Detection and Prevention, ISBN:
978-1-78561-687-7. 2017, pp. 37–42.
4. Perez M, Avila S, Moreira D, Moraes D, Testoni V, Valle E, Gold-
enstein S, Rocha A. Video pornography detection through deep

SN Computer Science
186 Page 8 of 8
learning techniques and motion information. Neurocomputing.
2017;230:279–93.
5. Slay J. Towards developing network forensic mechanism for bot-
net activities in the IoT based on machine learning techniques,
Mobile networks and management. In: 9th international confer-
ence, MONAMI (2017), Melbourne, Australia, December 13–15;
2017. Proceedings. Springer. Vol. 235, p. 30.
6. Xiao J, Li S and Xu Q. Video Based Evidence analysis and extrac-
tion in digital forensics investigation. IEEE Access; 2019.
7. Hosler B, Mayer O, Bayar B, Zhao X, Chen C, Shackleford JA,
Stamm MC. A video camera model identification system using
deep learning and Fusion. In: IEEE International Conference on
Acoustics, Speech and Signal Processing (ICASSP). IEEE; 2019.
pp. 8271–8275.
8. Chhabra GS, Singh VP, Singh M. Cyber forensics framework for
big data analytics in IoT environment using machine learning.
Multimed Tools Appl. 2020;79:15881–900.
9. Orozco ALS, Huamán CQ, Álvarez DP, Villalba LJG. A machine
learning forensics technique to detect post-processing in digital
videos. Future Gener Computer Syst. 2020;111:199–212.
10. Qamhan MA, Altaheri H, Meftah AH, Muhammad G, Alotaibi
YA. Digital audio forensics: microphone and environment clas-
sification using deep learning. IEEE Access. 2021. https://d​ oi.o​ rg/​
10.​1109/​ACCESS.​2021.​30737​86.
11. Sachdeva S, Ali A. Machine learning with digital forensics for
attack classification in the cloud network environment. Int J Syst
Assur Eng Manag. 2022;13(Suppl 1):S156–65.
SN Computer Science
SN Computer Science (2023) 4:186
12. Abbasi A, Javed AR, Yasin A, Jalil Z, Kryvinska N, Tariq U.
A large-scale benchmark dataset for anomaly detection and rare
event classification for audio forensics. IEEE Access. 2022.
https://​doi.​org/​10.​1109/​ACCESS.​2022.​31666​02.
13. Akbari Y, Al-Maadeed S, Elharrouss O, Khelifi F, Lawgaly A,
Bouridane A. Digital forensic analysis for source video identifica-
tion: a survey. Forensic Sci Int: Digital Investig. 2022;41:301390.
14. Akbari Y, Al-Maadeed S, Almaadeed N, Al-ali A, Khelifi F, Law-
galy A, et al. A new forensic video database for source smart-
phone identification: description and analysis. IEEE Access. 2022.
https://​doi.​org/​10.​1109/​ACCESS.​2022.​31514​06.
15. Neale C, Kennedy I, Price B, Yijun Yu, Nuseibh B. The
case for zero trust digital forensics. Sci Int: Digit Investig.
2022;40:301352.
Publisher's Note Springer Nature remains neutral with regard to
jurisdictional claims in published maps and institutional affiliations.
Springer Nature or its licensor (e.g. a society or other partner) holds
exclusive rights to this article under a publishing agreement with the
author(s) or other rightsholder(s); author self-archiving of the accepted
manuscript version of this article is solely governed by the terms of
such publishing agreement and applicable law.