ForenSec: A Log-Based Digital Forensic Tool for Incident Analysis
DOI: https://doi.org/10.62643/ijerst.2026.v22.n2(1).pp40-44
Keywords: Log Analysis; Digital Forensics; Isolation Forest; TF-IDF Vectorization; Anomaly Detection; Cybersecurity Incident Response; Machine Learning; Supabase.
Abstract
Modern computing infrastructures generate log data at a scale that renders manual forensic analysis impractical. Security incidents (unauthorized access, brute-force authentication attacks, and abnormal network behavior) leave discernible traces in system logs; however, extracting actionable intelligence demands automated, intelligent tooling. This paper presents ForenSec, a Log-Based Digital Forensic Tool for Automated Cybersecurity Incident Analysis, implemented as an end-to-end web application that ingests raw log files, applies a structured machine learning pipeline, and delivers structured incident reports to security analysts. The system employs TF-IDF (Term Frequency–Inverse Document Frequency) vectorization to transform unstructured log messages into numerical feature representations, followed by the Isolation Forest unsupervised anomaly detection algorithm to isolate statistically deviant log entries. Detected anomalies are classified by severity (Critical, High, Medium, and Low) and consolidated into downloadable PDF reports. The backend leverages Supabase (PostgreSQL) for persistent storage of logs, anomalies, and reports with JWT-based authentication. Experimental evaluation on annotated log datasets demonstrated a detection accuracy of 90.2%, an AUC-ROC value of 0.96, and a significantly reduced mean time to detection compared to manual review. The deployed system is accessible at https://digitalforensictool.netlify.app.
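The scoring stage the abstract describes (TF-IDF vectors ranked by an Isolation Forest), as an added example that is not ForenSec's code and uses only the Python standard library. The number-masking tokeniser, the function names and the sample log lines are constructed assumptions.

```python
import math, random, re
from collections import Counter

def tfidf(lines):
    """L2-normalised TF-IDF rows. Tokens are letter runs, so numbers are masked (assumption)."""
    docs = [re.findall(r"[a-z]+", ln.lower()) for ln in lines]
    df = Counter(t for d in docs for t in set(d))
    rows = []
    for d in docs:
        tf = Counter(d)
        v = [tf[t] * (math.log((1 + len(docs)) / (1 + df[t])) + 1) for t in sorted(df)]
        norm = math.sqrt(sum(x * x for x in v)) or 1.0
        rows.append([x / norm for x in v])
    return rows

def c(n):
    """Average path length of an unsuccessful binary-search-tree lookup over n points."""
    return 0.0 if n <= 1 else 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def grow(X, depth, limit, rng):
    # Split only on features that still vary, so identical rows end up sharing one leaf.
    cand = [q for q in range(len(X[0])) if len({x[q] for x in X}) > 1] if len(X) > 1 else []
    if depth >= limit or not cand:
        return len(X)  # leaf: number of rows that reached it
    q = rng.choice(cand)
    p = rng.uniform(min(x[q] for x in X), max(x[q] for x in X))
    left, right = [x for x in X if x[q] < p], [x for x in X if x[q] >= p]
    return q, p, grow(left, depth + 1, limit, rng), grow(right, depth + 1, limit, rng)

def path_len(x, node, depth=0):
    if isinstance(node, int):
        return depth + c(node)  # unresolved rows in the leaf count as extra depth
    q, p, left, right = node
    return path_len(x, left if x[q] < p else right, depth + 1)

def anomaly_scores(lines, trees=100, seed=7):
    X, rng = tfidf(lines), random.Random(seed)
    psi = min(256, len(X))  # sub-sample size per tree
    limit = math.ceil(math.log2(psi))
    forest = [grow(rng.sample(X, psi), 0, limit, rng) for _ in range(trees)]
    return [2 ** (-sum(path_len(x, t) for t in forest) / (trees * c(psi))) for x in X]

# Constructed sample: three routine templates (only numbers vary) plus two rare entries.
LOGS = [ln for i in range(12) for ln in (
    f"Jan 12 03:{i:02d}:01 web1 sshd[{900 + i}]: Accepted publickey for deploy from 10.0.0.{i + 2} port {50000 + i}",
    f"Jan 12 03:{i:02d}:02 web1 systemd[1]: Started session {i} of user deploy",
    f"Jan 12 03:{i:02d}:03 web1 CRON[{700 + i}]: (root) CMD (run-parts /etc/cron.hourly)")]
LOGS += ["Jan 12 03:40:11 web1 sshd[990]: Failed password for invalid user admin from 203.0.113.9 port 4022",
         "Jan 12 03:41:30 web1 useradd[991]: new user: name=svc2, UID=1001, GID=1001, shell=/bin/bash"]
```

Scores closer to 1 mean a row was isolated after few random splits. Rows from one template are identical once numbers are masked, so they share a leaf and score below the two rare lines.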
License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.













