ForensicsData: A Digital Forensics Dataset for Large Language Models
The dataset addresses the problem of limited public resources for digital forensic investigators and enables reproducible experiments and collaboration, though the contribution is incremental because it applies existing methods to new data.
The authors tackled the lack of realistic datasets in digital forensics by introducing ForensicsData, a dataset of over 5,000 Question-Context-Answer (Q-C-A) triplets from malware analysis reports. Among the models evaluated, Gemini 2 Flash showed the best performance in aligning generated content with forensic terminology.
The growing complexity of cyber incidents presents significant challenges for digital forensic investigators, especially in evidence collection and analysis. Public resources are still limited because of ethical, legal, and privacy concerns, even though realistic datasets are necessary to support research and tool development. To address this gap, we introduce ForensicsData, an extensive Question-Context-Answer (Q-C-A) dataset sourced from actual malware analysis reports. It consists of more than 5,000 Q-C-A triplets. A unique workflow was used to create the dataset, which extracts structured data, uses large language models (LLMs) to transform it into Q-C-A format, and then uses a specialized evaluation process to confirm its quality. Among the models evaluated, Gemini 2 Flash demonstrated the best performance in aligning generated content with forensic terminology. ForensicsData aims to advance digital forensics by enabling reproducible experiments and fostering collaboration within the research community.