In an era where cyber threats are rapidly evolving, the reliability of cyber forensic analysis has become increasingly critical for effective digital investigations and cybersecurity responses. AI agents are being adopted across digital forensic practices due to their ability to automate processes such as anomaly detection, evidence classification, and behavioral pattern recognition, significantly enhancing scalability and reducing investigation timelines. However, the characteristics that make AI indispensable also introduce notable risks. AI systems, often trained on biased or incomplete datasets, can produce misleading results, including false positives and false negatives, thereby jeopardizing the integrity of forensic investigations. This study presents a meticulous comparative analysis of the effectiveness of the most used AI agent, ChatGPT, and human forensic investigators in the realm of cyber forensic analysis. Our research reveals critical limitations within AI-driven approaches, demonstrating scenarios in which sophisticated or novel cyber threats remain undetected due to the rigid pattern-based nature of AI systems. Conversely, our analysis highlights the crucial role that human forensic investigators play in mitigating these risks. Through adaptive decision-making, ethical reasoning, and contextual understanding, human investigators effectively identify subtle anomalies and threats that may evade automated detection systems. To reinforce our findings, we conducted comprehensive reliability testing of forensic techniques using multiple cyber threat scenarios. These tests confirmed that while AI agents significantly improve the efficiency of routine analyses, human oversight remains crucial in ensuring accuracy and comprehensiveness of the results.

翻译：在网络威胁快速演变的时代，网络取证分析的可靠性对于有效的数字调查和网络安全响应变得日益关键。人工智能代理因其在异常检测、证据分类和行为模式识别等流程自动化方面的能力，正被广泛应用于数字取证实践，显著提升了可扩展性并缩短了调查周期。然而，正是这些使人工智能不可或缺的特性也带来了显著风险。通常基于有偏或不完整数据集训练的人工智能系统可能产生误导性结果，包括误报和漏报，从而危及取证调查的完整性。本研究对网络取证分析领域最常用的人工智能代理ChatGPT与人类取证调查员的有效性进行了细致的比较分析。我们的研究揭示了人工智能驱动方法的关键局限性，展示了由于人工智能系统基于固定模式的特性，复杂或新型网络威胁仍可能未被检测到的场景。相反，我们的分析强调了人类取证调查员在缓解这些风险方面发挥的关键作用。通过适应性决策、伦理推理和情境理解，人类调查员能有效识别可能规避自动化检测系统的细微异常和威胁。为强化研究结果，我们使用多种网络威胁场景对取证技术进行了全面的可靠性测试。这些测试证实，虽然人工智能代理显著提高了常规分析的效率，但人工监督对于确保结果的准确性和全面性仍然至关重要。