Comparative Analysis of Supervised and Unsupervised Learning in Digital Forensics
Abstract
The rapid growth of cyber threats and digital data has significantly increased the complexity of modern forensic investigations, necessitating the adoption of intelligent analytical approaches for accurate and scalable evidence analysis. This chapter presents a comparative evaluation of supervised and unsupervised machine learning paradigms for digital forensic investigations using real-world cyber intrusion datasets. Supervised learning models demonstrated strong classification performance with an average detection accuracy of 92.3%, precision of 90.8%, and recall of 89.6% in identifying known malicious artefacts. In contrast, unsupervised clustering techniques exhibited improved adaptability in detecting unknown anomalies, achieving an average anomaly detection rate of 88.7% in unlabeled forensic datasets. The proposed hybrid analytical framework integrating both paradigms achieved a superior overall accuracy of 94.6%, precision of 92.8%, and recall of 91.9%, thereby outperforming baseline forensic investigation models reported in recent studies.