
ChatGPT and Its Appliance In the Field of Digital Forensics

The idea of this mini-book came about after a lively discussion in a digital forensic community chat on the topic of ChatGPT. ChatGPT is truly impressive—it speaks like a human and seems to have an answer to any question you ask. It is no surprise that it is being called a “Google killer”.

Many of the community’s participants were excited about ChatGPT, and the chat thread included a number of thoughts on this technology’s applications—both for DFIR itself and for the dark side of things. An example of the former is generating an artifact parser script; an example of the latter is malware script creation.

Though the technology has only just been introduced, we quickly grew accustomed to it and started complaining about its limitations (do you remember this classic video, “how quickly the world owes him something”?). Given the power of ChatGPT and our first impressions, we want better and more in-depth results. In particular, we complain that the texts generated are mediocre (and easy to recognize once you are used to them), the code snippets are pretty basic, and the technical essays are shallow.

Similar to Midjourney, StableDiffusion and DALL-E 2, which frightened graphical designers, ChatGPT seemed to be a threat to technical writers, software developers, interpreters and others. But, like AI-generated pictures of people with 10 fingers or the inability to generate a picture of a football scissor kick, ChatGPT appeared to have its own weaknesses.

[Figure: An attempt of StableDiffusion to generate a scissors kick photo. Graphic designers breathed a sigh of relief]

For example, it is inspiring to glance over code generated by ChatGPT based on a
textual specification, like this one:

However, when you read this code, you find that it is a basic snippet which does
not require in-depth software development skills. Code snippets provided by
Microsoft Visual Studio or JetBrains products are not that different.

A recent survey on whether ChatGPT is overhyped gave results that align with these considerations: https://linkedin.com/feed/update/urn:li:activity:7022212178443165696. Though the survey was on general cyber security, it is likely that the results would be similar for digital forensics investigations.

Now, given that digital forensics is so specialized and each case is unique, requiring
a non-template, non-standard application of an expert’s in-depth technological
experience, can ChatGPT really significantly ease DFIR work?

Potential applications

A good DFIR test for ChatGPT is to ask it to write an SQLite statement to parse Google Chrome history. The expert who suggested it said that “ChatGPT made the correct join, but otherwise a basic statement”:

Indeed, that was a simple select which inner joined the “urls” and “visits” tables. Though it might be a time saver for a beginner, it would save an experienced expert just a couple of minutes.

Another idea was to use ChatGPT to create a social media policy. The resulting document was characterized by an expert as follows: “it gives you a starting point that you can submit to the boss to show you have started to work on it :)”. As with the SQL query idea, the work only starts with the AI-generated result; it does not end with it.

Another discussion followed on how complex the output could be to replace a human being. An important limitation, the 4096-character prompt, also leads to an inability to give the AI detailed specifications—whether it is a large-scale software development project or a digital forensic case with multiple elements of data known to an investigator.

My own real-life experience with ChatGPT—apart from playing with it to understand its abilities—has been using it to quickly recall what macOS apps and system files contain specific information when writing an article. It saved me dozens of minutes of studying Google-resulted links to articles I would have had to do otherwise.

Do you have other ideas?


Intermezzo: How I played chess with ChatGPT

I may not be a grandmaster, but I have a bit of chess under my belt from my childhood days. So, when a public group chat started comparing Google DeepMind and ChatGPT, claiming that ChatGPT was better at chess, I couldn’t help but feel a bit skeptical. I thought to myself, “there’s no way a language model, as advanced as it may be, could beat me at chess.” I even went as far as to bet that it wouldn’t be able to, not even when compared to DeepMind, which has been known to defeat world-renowned chess players like Kasparov.

Out of curiosity, I asked ChatGPT if it could play chess, and to my surprise, it said yes.
Though, the reasoning behind it (“as a language model, I can...”) seemed a bit strange to
me. Nevertheless, I decided to give it a shot and asked if it wanted to play a game with
me.

It was me who made the first mistake, though. After e4-e5, I played Kf3, confusing the notation (K stands for King, not Knight). ChatGPT immediately caught my mistake and correctly pointed out that the move should have been Nf3. We opened the game with the defense of Philidor, so I was a bit confused when ChatGPT played Bc5. I wondered, “how can you play Bc5 if you have a pawn on d6?” ChatGPT apologized for the confusion and explained that it could not move the pawn on d6 to play Bc5 since pawns can only move forward.

[Figure: The genius technology confused the chess rules right whilst its third move]

[Figure: The ChatGPT’s sixth move was... “0-0”!]

It was clear at this point that ChatGPT was not exactly a chess prodigy, but I decided to see how the game would unfold. ChatGPT played Nf6 and after I played Nc3, it played... Nf6 again! I asked, “don’t you already have N on f6 in your previous move?” ChatGPT agreed and gave me its pawn by moving it to d5. I captured it with my knight and got Nc6 in reply.

I played 0-0 and ChatGPT did the same. This was when things got even more interesting. I decided not to point out an illegal move, but instead asked, “where is your bishop?” ChatGPT replied that it had not played a bishop and apologized twice. I asked more directly, “can you play 0-0 with the bishop on f8?” ChatGPT replied by explaining the meaning of the “0-0” notation.

I asked again, “you have a bishop on f8, don’t you?” To my surprise, ChatGPT replied with something completely strange: “I apologize for the confusion, as a language model, I don’t have physical pieces to move.” I tried to explain that I was not talking about the physical world and asked where its bishop was in our chess game, but it kept apologizing and would not give me a straight answer.

After a dozen more questions, I finally gave up and asked ChatGPT for its next move. It played... d5! At this point, the game had turned into a complete waste of time, and the experiment was over.

Potential problems

As usual, every technological breakthrough can be used both for good and for bad. While the good side of things has yet to be fully realized (how to wisely apply the new technology?), the negative one seems to be easier to exploit.

Specifically, phishing emails have the potential to be significantly improved through mimicking the look and style of corporate or personal communications.

See another article of a kind

However, cybersecurity experts are quick to point out that automatic generation of malware is less of a concern: “However, straight-arrow users have nothing to fear. If bot-written code is actually used, security solutions will detect and neutralize it as quickly and efficiently as all previous malware created by humans. What’s more, if such code isn’t checked by an experienced programmer, the malware is likely to contain subtle errors and logical flaws that will make it less effective. At least for now, bots can only compete with novice virus writers.”

Another obvious problem is detecting and proving malicious searches. Traditional Google search requests leave a footprint in the browser history, which can be easily analyzed (see the “Case of Casey Anthony” and the “Case of Brian Walshe”). However, ChatGPT sessions will look like this in the browser:

Now, if this search does not leave a local footprint, why don’t users start searching for illegal stuff with technologies like ChatGPT? One can argue that these technologies have built-in protection against potentially criminal applications. While this is true, we have already heard of one-step workarounds, where the person asking simply clarifies their prompt to be “a fiction book plot”, “a computer gameplay” or “a movie scenario”.

The experts are worried: “Once these AI solutions start replacing traditional search engines, how will that affect our browser analysis?” At this moment it looks like one has to monitor and decrypt network traffic to figure out such search requests. The experts also warn: “Most of the expected use of these tools will be through an API, which will be a little more difficult to track.”
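
An added example (not from the original mini-book and not ChatGPT's output): it runs the urls/visits inner join described under “Potential applications” and goes one step further, converting Chrome's timestamps and recovering search terms from the URL, which makes the footprint difference discussed above visible. The in-memory database, its rows and the ChatGPT URL are constructed sample data, and only the columns the query uses are created.

```python
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# The urls/visits inner join on Chrome's History database, oldest visit first.
QUERY = """
SELECT v.visit_time, u.url, u.title
FROM visits AS v
INNER JOIN urls AS u ON u.id = v.url
ORDER BY v.visit_time
"""

def webkit_to_utc(microseconds):
    """Chrome stores visit_time as microseconds since 1601-01-01 UTC."""
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)

def search_terms(url):
    """Return the q= parameter of a search URL, or None if there is none."""
    q = parse_qs(urlsplit(url).query).get("q")
    return q[0] if q else None

def visit_timeline(conn):
    """Return (UTC time, url, title, recovered search terms) for each visit."""
    return [(webkit_to_utc(t), url, title, search_terms(url))
            for t, url, title in conn.execute(QUERY)]

def build_sample_history():
    """Constructed stand-in for a Chrome History file (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE urls (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE visits (id INTEGER PRIMARY KEY, url INTEGER, visit_time INTEGER);
    """)
    conn.executemany("INSERT INTO urls VALUES (?, ?, ?)", [
        (1, "https://www.google.com/search?q=sqlite+wal+recovery", "sqlite wal recovery - Google Search"),
        (2, "https://chat.openai.com/chat", "New chat"),
    ])
    conn.executemany("INSERT INTO visits VALUES (?, ?, ?)", [
        (1, 1, 13319000000000000),
        (2, 2, 13319000060000000),
    ])
    return conn

if __name__ == "__main__":
    for when, url, title, terms in visit_timeline(build_sample_history()):
        print(when.isoformat(), url, "| search terms:", terms)
```

On a real examination, point `sqlite3.connect` at a working copy of the profile's History file rather than the original evidence.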

The author of this text believes that ChatGPT by itself is not scary as of now. However, coupled with the deepfake technologies made much more available these days, as well as text-to-audio generators, and ChatGPT language capabilities, it can be a dangerous combination. This blend could make mass targeted attacks, previously only viable against high-profile individuals, cheap and potentially aimed at much larger volumes of potential victims. This may include both phishing attacks and attacks against children, which can also be leveraged by AI. In short, it is a double-edged sword that we need to handle with care.

See other articles:

• ChatGPT Artificial Intelligence: Can cybercriminals abuse the newly launched chatGPT to create havoc in the Cyber Domain

• How ChatGPT will change cybersecurity


Conclusion

ChatGPT, the language model developed by OpenAI, has been touted as a game-changer in the field of digital forensics. Some experts have claimed that it can be used to analyze large amounts of data and uncover hidden patterns that would be impossible for humans to find. However, not everyone is convinced of its capabilities. In this article, we take a look at the use of ChatGPT in digital forensics and examine whether it is truly capable of revolutionizing the field.

One of the main arguments in favor of using ChatGPT in digital forensics is that it can quickly analyze large amounts of data. However, it’s important to remember that the model is only as good as the data it is trained on. If the training data is biased or incomplete, the model’s results will also be biased or incomplete. Additionally, the model’s ability to process large amounts of data is only as good as the computer it’s running on.

Another argument in favor of ChatGPT is that it can uncover hidden patterns in data that humans would miss. However, it is important to remember that the model is only capable of finding patterns that it has been trained to recognize. If the model has not been trained to recognize a particular pattern, it will not be able to find it. Additionally, the model’s ability to uncover hidden patterns is limited by the quality of the data it is analyzing. If the data is noisy or contains errors, the model will struggle to find meaningful patterns.

Perhaps the biggest concern with using ChatGPT in digital forensics is the potential for bias. Language models like ChatGPT are only as unbiased as the data they are trained on. If the training data is biased, the model will also be biased. Additionally, the model’s ability to understand and interpret text is limited by the language it was trained on. If the data being analyzed is in a different language, the model will struggle to understand it.

In conclusion, while ChatGPT is a powerful language model, it is important to remember that it is not a magic bullet for digital forensics. Its ability to analyze large amounts of data and uncover hidden patterns is limited by the quality of the data it is analyzing and the computer it’s running on. Additionally, the model is only as unbiased as the data it is trained on, and its ability to understand and interpret text is limited by the language it was trained on. Therefore, it is important to approach the use of ChatGPT in digital forensics with a healthy dose of skepticism and to carefully evaluate its capabilities before using it in an investigation.

Conclusion 2

Needless to say, Conclusion 1 was written entirely by ChatGPT. The first reader to guess the prompt will get a full Belkasoft X license for free.


While ChatGPT is indeed an impressive piece of technology and a convenient tool for quick information gathering, we think that the actual DFIR work can only be facilitated with the use of it, not replaced or even heavily supported. Things may change with version 4 of this AI and an extended input size.
