Saved in:
Bibliographic Details
Main Authors: Alharthi, Dalal, Garcia, Ivan Roberto Kawaminami
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2510.00452
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912620755288064
author Alharthi, Dalal
Garcia, Ivan Roberto Kawaminami
author_facet Alharthi, Dalal
Garcia, Ivan Roberto Kawaminami
contents Large Language Models (LLMs) have gained prominence in domains including cloud security and forensics. Yet cloud forensic investigations still rely on manual analysis, making them time-consuming and error-prone. LLMs can mimic human reasoning, offering a pathway to automating cloud log analysis. To address this, we introduce the Cloud Investigation Automation Framework (CIAF), an ontology-driven framework that systematically investigates cloud forensic logs while improving efficiency and accuracy. CIAF standardizes user inputs through semantic validation, eliminating ambiguity and ensuring consistency in log interpretation. This not only enhances data quality but also provides investigators with reliable, standardized information for decision-making. To evaluate security and performance, we analyzed Microsoft Azure logs containing ransomware-related events. By simulating attacks and assessing CIAF's impact, results showed significant improvement in ransomware detection, achieving precision, recall, and F1 scores of 93 percent. CIAF's modular, adaptable design extends beyond ransomware, making it a robust solution for diverse cyberattacks. By laying the foundation for standardized forensic methodologies and informing future AI-driven automation, this work underscores the role of deterministic prompt engineering and ontology-based validation in enhancing cloud forensic investigations. These advancements improve cloud security while paving the way for efficient, automated forensic workflows.
format Preprint
id arxiv_https___arxiv_org_abs_2510_00452
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Cloud Investigation Automation Framework (CIAF): An AI-Driven Approach to Cloud Forensics
Alharthi, Dalal
Garcia, Ivan Roberto Kawaminami
Cryptography and Security
Artificial Intelligence
Machine Learning
Multiagent Systems
Large Language Models (LLMs) have gained prominence in domains including cloud security and forensics. Yet cloud forensic investigations still rely on manual analysis, making them time-consuming and error-prone. LLMs can mimic human reasoning, offering a pathway to automating cloud log analysis. To address this, we introduce the Cloud Investigation Automation Framework (CIAF), an ontology-driven framework that systematically investigates cloud forensic logs while improving efficiency and accuracy. CIAF standardizes user inputs through semantic validation, eliminating ambiguity and ensuring consistency in log interpretation. This not only enhances data quality but also provides investigators with reliable, standardized information for decision-making. To evaluate security and performance, we analyzed Microsoft Azure logs containing ransomware-related events. By simulating attacks and assessing CIAF's impact, results showed significant improvement in ransomware detection, achieving precision, recall, and F1 scores of 93 percent. CIAF's modular, adaptable design extends beyond ransomware, making it a robust solution for diverse cyberattacks. By laying the foundation for standardized forensic methodologies and informing future AI-driven automation, this work underscores the role of deterministic prompt engineering and ontology-based validation in enhancing cloud forensic investigations. These advancements improve cloud security while paving the way for efficient, automated forensic workflows.
title Cloud Investigation Automation Framework (CIAF): An AI-Driven Approach to Cloud Forensics
topic Cryptography and Security
Artificial Intelligence
Machine Learning
Multiagent Systems
url https://arxiv.org/abs/2510.00452