<![CDATA[Ransomware has become one of the most pervasive and damaging forms of cyber threats, targeting individuals, organizations, and critical infrastructures. Traditional digital forensic methods, while effective, are often limited by the speed and scale required to analyze modern ransomware attacks. This research explores the integration of machine learning techniques into digital forensic analysis to enhance the detection, classification, and investigation of ransomware. Using a controlled virtual environment, ransomware samples were executed and monitored to extract forensic artifacts from system logs, memory, and network activity. Features such as file entropy, API call behavior, and command-and-control (C2) communication patterns were analyzed. Machine learning models, particularly Random Forest and Convolutional Neural Networks (CNNs), were trained to identify ransomware behaviors with high accuracy. The Random Forest model achieved a detection accuracy of 96.4%, with strong precision and recall scores. The study also developed an automated forensic framework capable of real-time incident response and evidence extraction. Compared to previous research, this study offers improved generalization to unknown ransomware variants and faster forensic processing. The findings highlight the potential of digital forensic machine analysis as a robust solution for modern ransomware defense and investigation.]]>
Copyrights © 2025
