SentinelFusion based machine learning comprehensive approach for enhanced computer forensics

Crime dataset on the blockchain

Forensic examination of a crime dataset kept on the blockchain is used in the study. Forensic information, including timestamps, transaction records, and digital signatures, are all included in the crime dataset. The study guarantees the data’s integrity, transparency, and resistance to tampering by putting it on the blockchain. The crime dataset is used to train and evaluate machine learning models for crime classification and prediction.

For the sake of this investigation, a crime dataset was created and is being kept on the blockchain. Its purpose is to serve as a central database for computer forensics and analysis that is both extensive and safe. Each criminal incident is characterized by a number of attributes that together make up the dataset.

Features description

Timestamp: This element indicates the time and date that the criminal act was documented. It allows for the examination of criminal events across time thanks to its systematic referencing of their chronological order.

Access logs: Information on who accessed what data and when is stored in the access logs. Usernames and IP addresses of those who accessed the information are recorded. Data like this can be used to track down persons who may be involved in illegal activity.

File size: The file size feature reveals the dimensions of the stolen data. It’s helpful for gauging the scope and repercussions of a crime wave by revealing the sheer volume of data connected to individual instances.

Encryption level: The data encryption strength is indicated by this property. Important for gauging the complexity of the crime and the difficulty of decrypting the data, it reveals the security measures taken to secure the information.

User permissions: Data access permissions are reflected in the user permissions feature. The data shows whether the users had read-only or read/write permissions. Permissions analysis can reveal internal threats or unapproved users who have gained access to confidential information.

Network traffic: The network traffic function records the total amount of traffic on the network that contains the criminally relevant data. It sheds light on the underlying communication and activity patterns that led up to the criminal incident, which can be used to spot unusual activity on the network.

Malware indicators: This function flags data that has been tampered with or shows signs of malware. Data anomalies and the presence of harmful files are two examples of signs that can be used to track down cybercrime.

Data type: The data type property identifies the corrupted data subtype. Financial data, personal details, research papers, and anything else that would be useful could be included. The nature and severity of the information lost in the crime can be evaluated with the help of a thorough understanding of the data types at play.

Secure data (output): This is the data’s security status, displayed as an output feature. A number of 1 indicates that the data is considered secure, whereas a value of 0 indicates that the data is not secure. Data security can be classified based on this feature, which is used as a target variable in machine learning models. Table 2 shows the feature description.

These aspects help researchers analyze and comprehend the nature of criminal acts by providing crucial details about each incident. They help in the creation of better forensic analytical methods and machine learning models for spotting and preventing similar crimes in the future.

Malware indicators’ frequency distribution in the crime dataset is shown in Fig. 1. It provides counts or examples for each type of malware indicator. The plot’s bars stand in for malware indicators, with the height of each bar indicating the frequency with which that indicator was observed. This illustration aids in locating various malware signs and comprehending their presence or absence in illegal actions.

Machine learning algorithms

Several machine learning methods are used to examine the crime dataset and draw conclusions. SVM, KNN, NB, LR, and DT are only few of the algorithms used for classification and prediction. Samples are classified by the majority vote of their k-nearest neighbors in KNN, while SVM seeks to create an ideal hyperplane that separates various classes. Bayes’ theorem is used in NB to determine the likelihood of a sample coming from a specific group. While DT builds a decision tree to forecast outcomes based on a hierarchical structure of rules, LR calculates the probability of a binary outcome based on input features.

Hyperparameter tuning

Techniques for hyperparameter tuning are used to enhance the efficiency of the machine learning algorithms. It is necessary to specify hyperparameters prior to training since they are settings for algorithms that are not learned during training. It explored the hyperparameter space to find the best set of settings by using methods like grid search or randomized search. The study intends to improve the forensic analysis and crime-related activity prediction effectiveness by fine-tuning the hyperparameters, hence improving the accuracy, precision, recall, and F1-score of the machine learning models.

In machine learning, selecting the ideal set of hyperparameters for a particular model is a critical step. Configuration parameters known as hyperparameters are those that are set prior to training a model and not learned from the data. To ensure robust hyperparameter tuning, we conducted sensitivity analysis to understand the impact of different hyperparameters on model performance. Sensitivity analysis involves varying one hyperparameter at a time while keeping others constant to observe changes in performance metrics. This analysis helps in identifying hyperparameters that have the most significant impact on the model’s performance, guiding the focus of our optimization efforts.

Proposed model

SentinelFusion: a next-gen ensemble framework

Our novel ensemble framework, SentinelFusion, stands as the cornerstone of our study. It represents a cutting-edge approach designed to enable a holistic and nuanced prediction of confidentiality, privacy, and integrity attributes within blockchain data. SentinelFusion’s architecture seamlessly integrates a variety of machine learning algorithms, each contributing its distinctive strengths to the ensemble. This integration fosters a synergistic effect, leveraging the diverse analytical capabilities of each algorithm to collectively enhance the accuracy and reliability of predictions.

In this section, we introduce SentinelFusion, our innovative ensemble framework designed to harness the collective power of machine learning algorithms, including XGBoost, for advancing computer forensics. SentinelFusion seamlessly integrates various machine learning techniques, leveraging their diverse strengths to enhance predictive accuracy and reliability in identifying and predicting crime-related activities.

Mathematical formulation:

Let’s define the following terms:

D: The dataset of criminal offenses recorded on the blockchain, represented as: D = (x1, y1), (x2, y2), …, (xn, yn) where xi represents the feature vector extracted from forensic data, and yi represents the corresponding labels indicating the attributes (confidentiality, privacy, integrity).

M: The number of machine learning algorithms used in the ensemble.

A_m: The mth machine learning algorithm, where m = 1, 2, …, M.

F_m: The predictive function of the mth algorithm, mapping the input feature xi to its corresponding predicted label yim, where yim is the predicted label for the attribute using the mth algorithm.

w_m: The weight assigned to the mth algorithm’s prediction in the ensemble.

E: The ensemble prediction for the attribute label, represented as: $E\left(xi\right)={\sum }_m^{M}wm\cdot Fm\left(xi\right)$ The overall ensemble prediction for the attribute label yi can be computed as the weighted sum of the individual predictions from all M algorithms.

In addition to traditional machine learning algorithms like SVM, KNN, Naive NB, LR, and DT, SentinelFusion incorporates the powerful XGBoost model. XGBoost is a scalable and efficient implementation of gradient boosting, known for its superior performance in handling complex datasets and achieving high predictive accuracy. We conduct rigorous hyperparameter tuning for each algorithm within SentinelFusion, including XGBoost. This process involves systematically exploring different parameter configurations to identify settings that yield the best predictive accuracy. Parameters such as learning rate, tree depth, and regularization parameters are fine-tuned to optimize the performance of XGBoost and other algorithms in the ensemble. Predictions from individual machine learning algorithms, including XGBoost, are combined within the SentinelFusion framework using appropriate weighting schemes. The ensemble approach leverages the strengths of each algorithm to produce a more robust and accurate predictive model. The weights assigned to each algorithm’s prediction are optimized to maximize the overall performance of the ensemble. SentinelFusion represents a cutting-edge approach to computer forensics, integrating blockchain technology with advanced machine learning techniques, including XGBoost. By leveraging the collective power of diverse algorithms within an ensemble framework, SentinelFusion aims to revolutionize crime detection and prevention, paving the way for more secure and efficient forensic investigations.

Utilizing a diverse array of machine learning algorithms.

Within SentinelFusion, we harness the power of various machine learning algorithms, encompassing support vector machines, K-nearest neighbors, naive Bayes, logistic regression, and decision trees. Each algorithm has been meticulously selected for its unique ability to excel in certain types of data patterns and behaviors. This diversity enriches the ensemble’s capacity to capture a wide spectrum of intricacies within the dataset, culminating in a more comprehensive and accurate predictive model. Figure 2 shows the proposed hybrid model architecture.

Hyperparameter tuning for optimized performance.

Recognizing the significance of algorithm parameter settings in achieving optimal predictive performance, we have conducted rigorous hyperparameter tuning for each algorithm within SentinelFusion. This process involves systematically exploring different parameter configurations to identify the settings that yield the best predictive accuracy. By fine-tuning the algorithms, we ensure that their contributions to the ensemble are fully optimized, enhancing the overall quality of predictions.

Mathematical model.

Let us define the following terms:

D: The dataset of criminal offenses recorded on the blockchain, represented as: ${\displaystyle D=\left\{\left(x_1,y_1\right),\left(x_2,y_2\right),\dots ,\left(x_n,y_n\right)\right\}}$

where x_i represents the feature vector extracted from forensic data, and y_i represents the corresponding labels indicating the attributes (confidentiality, privacy, integrity).

M: The number of machine learning algorithms used in the ensemble.

A_m: The mth machine learning algorithm, where m = 1, 2, …, M.

F_m: The predictive function of the mth algorithm, mapping the input feature x_i to its corresponding predicted label y_im, where y_im is the predicted label for the attribute using the m-th algorithm.

w_m: The weight assigned to the m-th algorithm’s prediction in the ensemble.

E: The ensemble prediction for the attribute label, represented as ${\displaystyle E\left(xi\right)=\sum _M^m{w}_m\cdot F_m\left(xi\right).}$

The overall ensemble prediction for the attribute label y_i can be computed as the weighted sum of the individual predictions from all M algorithms.

The weights w_m reflect the importance of each algorithm’s prediction in the ensemble. These weights can be determined through various techniques, such as cross-validation or optimization algorithms, aiming to minimize prediction error and maximize the overall performance of the ensemble.

Each machine learning algorithm A_m contributes its predictive outcome F_m(x_i), which is a function mapping the input feature x_i to the predicted label y_im for the m-th attribute. The specific form of each F_m depends on the chosen algorithm (e.g., SVM, KNN, Naive Bayes, etc.) and its parameter settings.

By carefully tuning the weights w_m and fine-tuning the parameters of each algorithm within the ensemble, the SentinelFusion framework aims to maximize the predictive accuracy and robustness for the attributes of confidentiality, privacy, and integrity in blockchain data.

In summary, this section has provided an overview of the materials and methods employed in our study. The amalgamation of a blockchain-based criminal offense dataset with the advanced SentinelFusion ensemble framework, encompassing a spectrum of machine learning algorithms and finely-tuned parameters, forms the foundation of our endeavor to unlock the potential synergy between blockchain technology and machine learning in the realm of computer forensics.

Evaluation metrics

The success of the integrated system in computer forensics is measured using a variety of criteria. A few common evaluation metrics are F1-score, recall, accuracy, and precision. Recall measures the proportion of true positives among the actual positives, precision measures the proportion of real positives among the predicted positives, and accuracy is the overall accuracy of the classification findings. F1-score combines precision and recall into a single metric. These evaluation indicators shed light on the dependability and effectiveness of the combined strategy.

Precision: Precision is defined as the ratio of true positive predictions to the total number of positive predictions (both true positives and false positives). High precision indicates that the model has a low false positive rate, meaning that it accurately identifies instances of cybercrime without falsely flagging benign activities as malicious.

Practical implications: In the context of forensic analysis, high precision is crucial because false positives can lead to wasted resources and potential legal complications. For instance, incorrectly identifying a legitimate user’s activity as malicious could result in unnecessary investigations and loss of trust. Therefore, models with high precision are particularly valuable in forensic scenarios where the cost of false alarms is high.

Recall: Recall, also known as sensitivity or true positive rate, is the ratio of true positive predictions to the total number of actual positive instances (both true positives and false negatives). High recall indicates that the model successfully identifies a large proportion of actual cybercrime instances.

Practical implications: High recall is essential in forensic analysis because missing an instance of cybercrime can have serious consequences. Forensic investigators rely on recall to ensure that all relevant evidence is identified and analyzed. A model with high recall minimizes the risk of undetected cybercrimes, which is critical for thorough and effective forensic investigations.

F1 score: The F1 score is the harmonic mean of precision and recall, providing a single metric that balances the trade-off between the two. It is particularly useful when the class distribution is imbalanced, as it gives a more comprehensive picture of the model’s performance.

Practical implications: The F1 score is crucial for assessing the overall effectiveness of a forensic model. In real-world applications, it is often necessary to balance the need for high precision (to avoid false positives) and high recall (to avoid false negatives). The F1 score helps forensic analysts understand this balance and choose models that provide the best compromise between precision and recall, ensuring both accuracy and completeness in investigations.

Experimental setup

The report uses experimental and case-based evidence to prove the usefulness of using blockchain and ML in forensics. In the studies, it trained machine learning models using the blockchain-stored crime dataset, and then it used the predetermined metrics to assess how well the models perform. To guarantee the conclusions are applicable and generalizable, it takes into account both real-world criminal scenarios and a variety of datasets.

Performance of models

Here, we will go through how well each of the five different categorization models (SVM, KNN, NB, LR, DT) worked in this experiment. Several metrics, including accuracy, precision, recall, and F1 score, are used to assess the models’ efficacy. Tabular displays of the findings allow for easy comparison of the models’ outcomes. Table 4 shows the Performance Metrics of Classification Models.

Each classification model’s accuracy, precision, recall, and F1 score are listed in the table above. Accuracy evaluates how well the predictions were made as a whole, whereas precision assesses how many correct positive predictions there were. The proportion of correct predictions made out of total positive instances is known as the recall, sensitivity, or true positive rate. The F1 score is a balanced measure of model performance that is the harmonic mean of precision and recall.

Figure 3 and Table 5 shows the performance of SentinelFusion Performance and Fig. 4 shows the performance of previous models.

Each classification model’s true positive rate (TPR) and false positive rate (FPR) are presented in Fig. 4. Figure 5 shows the Sentinel Fusion ROC-AUC Curve. The curve depicts the compromise between detection ability and specificity. Greater discriminating between positive and negative examples corresponds to a larger area under the curve (AUC). The ROC-AUC curve sheds light on how well the models can generalize from secure to insecure data.

The combined confusion matrix of all classification models is depicted in Table 6. The confusion matrix shows the proportions of correct, incorrect, and equivocal predictions. The cases that belong to the true class are represented by rows in the matrix, whereas the predicted class is represented by columns. The frequency or proportion of forecasts for each class is represented by the colors or numerical values in the cells of the matrix. Correct and inaccurate predictions for all classes can be compared between models using the combined confusion matrix.

Based on the Figs. 6, 7, 8, 9, 10, 11 and 12, the SentinelFusion model performance best at 0.99 accuracy, precision recall and F1 score, after which, SVM model performed best with an accuracy of 0.89. Furthermore, its 0.91 precision indicates a low percentage of false positives, proving its reliability. The recall value of 0.88 and the F1 score of 0.89. Table 7 shows the Comparative Table of Proposed model with previous studies after Hypertuning.

Table 6:

Combined confusion matrix of all models.

Model	Confusion matrix
SentinelFusion
SVM
NB
LR
DT

DOI: 10.7717/peerjcs.2183/table-6

Accuracy of 0.86 was reached with the KNN model, with values of 0.85 for precision, 0.87 for recall, and 0.86 for the F1 score. While the KNN model’s performance in categorizing secure and insecure data is significantly lower than that of the SVM model, it is still respectable. Accuracy was 0.82 for the naive Bayes model, with values of 0.80 for precision, 0.85 for recall, and 0.82 for the F1 score. Naive Bayes does reasonably well here despite its simplicity and assumptions of feature independence. Accuracy was 0.88, with precision at 0.89, recall at 0.87, and F1 score at 0.88 using logistic regression. The model’s prediction abilities are impressive, as evidenced by its success at distinguishing between secure and insecure datasets. Accuracy was 0.83 for the decision tree model, with values of 0.82 for precision, 0.84 for recall, and 0.83 for the F1 score. Although the decision tree method has some benefits, such as being easy to read, it is not as effective as the other models. These metrics reveal how well the models can distinguish between safe and unsafe data. The findings allow us to evaluate the relative merits of different models and make educated decisions about their use in computer forensics. Table 8 shows the comparative table of proposed model with previous studies.

The SentinelFusion model outperformed all other models with impressive accuracy, precision, recall, and F1 score, all at 0.99. This high performance indicates that the ensemble approach effectively leverages the strengths of individual algorithms, resulting in a robust and reliable predictive model. The model’s accuracy signifies its ability to correctly classify secure and insecure data with minimal errors, while its balanced performance across precision, recall, and F1 scores demonstrates its efficacy in both detecting true positives and minimizing false positives. The power of the ensemble lies in combining multiple algorithms to mitigate the weaknesses of individual models, leading to improved overall performance. However, the complexity of the ensemble model might lead to longer training times and require more computational resources, and the combined predictions of multiple algorithms might make the model less interpretable compared to simpler models. The SVM model achieved an accuracy of 0.89, with precision, recall, and F1 scores at 0.91, 0.88, and 0.89, respectively. The high precision indicates that SVM effectively minimizes false positives, making it reliable in identifying true secure data. Additionally, the model’s performance metrics suggest it generalizes well across different data samples. However, SVM can be computationally intensive, especially with large datasets, and its performance heavily depends on the choice of hyperparameters like C and gamma. The KNN model showed an accuracy of 0.86, with precision at 0.85, recall at 0.87, and an F1 score of 0.86. KNN is easy to understand and implement, making it a good choice for initial analyses, and it can handle multi-class classification problems effectively. Nevertheless, the model can be slow, especially with large datasets, as it needs to compute the distance to all training samples. Furthermore, its performance degrades with an increase in the number of dimensions, known as the curse of dimensionality. Naive Bayes (NB) achieved an accuracy of 0.82, precision of 0.80, recall of 0.85, and an F1 score of 0.82. NB is fast to train and can handle large datasets efficiently, and it works well even with relatively small amounts of training data. However, the assumption that features are independent can be a limitation, leading to less accurate predictions when features are correlated. Consequently, compared to other models, NB generally has lower accuracy. Logistic regression (LR) showed an accuracy of 0.88, with precision at 0.89, recall at 0.87, and an F1 score of 0.88. The model provides clear insights into the relationship between input features and the target variable, and it is computationally efficient and works well with large datasets. Despite this, it assumes a linear relationship between input features and the log-odds of the target, which might not capture complex patterns. The decision tree (DT) model achieved an accuracy of 0.83, precision of 0.82, recall of 0.84, and an F1 score of 0.83. Decision trees are easy to visualize and interpret, making them useful for understanding model decisions. They can effectively handle datasets with high feature importance and highlight the most important features. However, decision trees can easily overfit the training data, especially with deeper trees, and might show high variance, leading to less stable predictions across different datasets. The SentinelFusion model’s superior performance demonstrates the effectiveness of using an ensemble approach to integrate multiple machine learning algorithms. The ensemble method mitigates the individual weaknesses of each algorithm, resulting in a more accurate and reliable predictive model. The SVM model, while performing well, requires careful tuning of hyperparameters and is computationally intensive. KNN, although simple and versatile, faces scalability issues with large datasets. Naive Bayes, despite its speed, suffers from the independence assumption, leading to lower accuracy. Logistic regression strikes a balance between interpretability and efficiency but assumes linearity. Decision trees offer great interpretability but are prone to overfitting. Future research can explore optimizing the ensemble weights and incorporating additional algorithms to enhance performance. Investigating feature engineering techniques can help improve the predictive power of individual models. Developing scalable versions of these models can ensure their applicability to larger and more complex datasets. Applying these models to real-world forensic datasets can validate their effectiveness and uncover additional insights. This detailed analysis provides a comprehensive understanding of the strengths and weaknesses of each model, offering valuable insights into their applicability and performance in enhancing computer forensics through the integration of blockchain technology and machine learning.

Limitations

1. Complexity and computational resources: One significant limitation of the SentinelFusion model is its complexity. The ensemble approach, which combines multiple machine learning algorithms, requires substantial computational resources for both training and prediction. This can be a hindrance in environments with limited computational capacity or where real-time analysis is required.

2. Interpretability: While ensemble models generally provide better predictive performance, they often lack interpretability compared to simpler models like Decision Trees or Logistic Regression. The combined predictions of multiple algorithms make it challenging to understand the rationale behind individual predictions, which is crucial in forensic investigations where transparency is essential.

3. Data dependence: The performance of the SentinelFusion model heavily depends on the quality and diversity of the training data. If the training data does not adequately represent the range of potential cybercrime scenarios, the model’s predictions might not generalize well to new, unseen cases.

4. Hyperparameter sensitivity: The model’s performance is sensitive to the choice of hyperparameters for each base learner. While rigorous hyperparameter tuning can mitigate this issue, it adds to the complexity and computational burden of the model.

5. Overfitting risk: Despite ensemble methods generally reducing the risk of overfitting, it is not entirely eliminated. Particularly with complex models, there remains a possibility that the ensemble might overfit the training data, especially if the model complexity is not appropriately controlled.

Assumptions

1. Independence of errors: One key assumption in ensemble learning is that the errors made by individual models are independent. This independence is crucial for the ensemble to benefit from combining different models. However, in practice, achieving truly independent errors can be challenging, especially if the models are trained on the same data.

2. Consistency of data distribution: The model assumes that the training and testing data are drawn from the same distribution. Any significant changes in the nature of cybercrimes or forensic data over time could affect the model’s performance and necessitate retraining with updated data.

3. Feature relevance: The model assumes that the selected features are relevant and sufficient to capture the patterns indicative of cybercrime activities. If critical features are missing or irrelevant features are included, the model’s predictive power could be compromised.

Future research directions

1. Optimization of ensemble weights: Future research can explore advanced techniques for optimizing the weights of individual models in the ensemble. Methods such as genetic algorithms, Bayesian optimization, or neural networks could be used to find the optimal combination of model weights, enhancing the overall performance.

2. Feature engineering and selection: Investigating advanced feature engineering and selection techniques can further improve the model’s predictive power. Techniques such as automated feature generation using deep learning or feature selection using mutual information can be explored.

3. Scalability improvements: Developing scalable versions of the SentinelFusion model to handle larger datasets and more complex scenarios is a crucial area for future research. Distributed computing frameworks and cloud-based solutions could be leveraged to address the computational challenges.

4. Real-time forensic analysis: Integrating the SentinelFusion model into real-time forensic analysis systems can be a valuable direction. This would involve optimizing the model for faster inference times and developing efficient data ingestion pipelines to handle live data streams.

5. Model interpretability: Enhancing the interpretability of the ensemble model without compromising its performance is another critical area. Techniques such as SHAP (SHapley Additive exPlanations) values or LIME (Local Interpretable Model-agnostic Explanations) can be applied to provide insights into the model’s decision-making process.

6. Integration with other technologies: Future research can explore the integration of the SentinelFusion model with other emerging technologies such as artificial intelligence-driven threat intelligence platforms, blockchain-based data integrity solutions, and advanced anomaly detection systems.

Potential implications for the field of computer forensics

1. Enhanced detection and prevention: The SentinelFusion model’s ability to accurately classify and predict cybercrime activities can significantly enhance the detection and prevention of digital crimes. This can lead to quicker identification of threats and more effective mitigation strategies.

2. Improved data integrity and security: By leveraging blockchain technology, the model ensures the integrity and immutability of forensic data. This enhances the reliability of digital evidence and strengthens the overall security framework within forensic investigations.

3. Resource optimization: The model’s predictive capabilities can help forensic investigators prioritize their efforts by identifying high-risk activities and potential suspects. This can lead to more efficient allocation of resources and faster resolution of cases.

4. Advancement of forensic methodologies: The integration of advanced machine learning techniques with traditional forensic methods represents a significant advancement in the field. This can pave the way for new forensic methodologies that are more robust, scalable, and capable of handling complex cybercrime scenarios.

5. Policy and legal implications: The adoption of such advanced forensic tools can influence policy-making and legal frameworks related to cybercrime. Enhanced forensic capabilities can lead to stricter regulations, better compliance mechanisms, and more effective prosecution of cybercriminals.

6. Cross-disciplinary collaboration: The development and implementation of models like SentinelFusion encourage collaboration between computer scientists, legal experts, and law enforcement agencies. This interdisciplinary approach can lead to more holistic solutions to combat cybercrime.

In conclusion, this study has demonstrated the significant potential of the SentinelFusion model in enhancing computer forensics through the integration of blockchain technology and machine learning algorithms. The SentinelFusion model achieved outstanding performance metrics, with an accuracy, precision, recall, and F1 score of 0.99, significantly outperforming individual machine learning models such as SVM, KNN, naive Bayes, logistic regression, and decision trees. This robust performance underscores the efficacy of the ensemble approach in leveraging the complementary strengths of different algorithms.

The implications of these findings are profound for the field of computer forensics. High precision and recall rates ensure that the model can accurately identify true instances of cybercrime while minimizing false positives and negatives, thus enhancing the reliability of forensic investigations. The integration of blockchain technology further ensures the integrity and immutability of forensic data, providing a secure foundation for storing and analyzing digital evidence.

However, it is essential to acknowledge the limitations of the current study, including the complexity and computational resource requirements of the ensemble model, and the dependency on the quality and diversity of the training data. Future research should focus on optimizing the ensemble weights, improving feature engineering and selection techniques, and developing scalable versions of the model to handle larger datasets and real-time forensic analysis.

Moreover, exploring the integration of SentinelFusion with other emerging technologies, such as AI-driven threat intelligence platforms and blockchain-based data integrity solutions, could further enhance its capabilities. By addressing these areas, future work can continue to advance the field of computer forensics, providing more robust and efficient tools for detecting and preventing cybercrime.

In summary, the SentinelFusion framework represents a significant advancement in computer forensics, offering a powerful tool for enhancing the detection, classification, and prevention of digital crimes. Its superior performance and practical implications make it a valuable contribution to the ongoing efforts to secure digital environments and safeguard sensitive information.