A memory-based game-theoretic defensive approach for digital forensic investigators

Digital investigators need to evaluate their existing counter-anti-forensic tools to assess the reliability of their tools against attackers' anti-forensic tools. The evaluation enables them to choose more reliable defensive strategies against the attackers. Game-theoretic algorithms simulate the interactions that happen between an attacker and an investigator (two players) in a forensic environment. The algorithms examine the most desired and stable players' strategies (the Nash equilibrium of the game). However, in the algorithms, it is assumed that the players' action spaces do not modify. Thus, if a player wants to expand his/her action space by introducing a new counter-anti-forensic or an anti-forensic tool, then the algorithms must re-simulate the game from the beginning to examine the Nash equilibrium of the game. In this paper, we introduce a player's capability to expand his/her action space using a memory mechanism. We test the hypothesis of applying the memory mechanism to a fictitious play algorithm and a gradient play algorithm to decrease the required players' iterations to reach the steady-state of the game. We introduce an extended game-theoretic learning algorithm based on the proposed memory mechanism and perform a set of experiments to evaluate the mechanism. Results of the experiments show that the mechanism reduces the required players' iterations to reach the steady-state of the game after expanding their action spaces. The results also show after employing the mechanism the players on average require 115 fewer iterations to reach the steady-state of the game. In comparison with the fictitious play algorithm, the gradient play algorithm needs fewer players' iterations to reach the steadystate of the game and it shows a smoother reduction in required players' iterations. Finally, we formulate the players' efficiency after employing the memory mechanism and present a set of assistive rules for the investigator. (c) 2021 Elsevier Ltd. All rights reserved.