by Judge Yassin Abdalla Abdelkarim
CyJurII Founder
18 July 2025
Abstract
In this blog post, I introduce a comprehensive digest of the article entitled "Decoding the Dark – AI and ML in Dark Web Cybercrime and Cryptocurrency Forensics" by Prof. Ramy El-Kady, published in International Cybersecurity Law Review.
The publisher's full text is available.
Keywords: Research Digest; Cybercrime; Cryptocurrencies; dark web; Journal article.
1. Overview and Objectives
Prof. Ramy El-Kady’s study explores the convergence of artificial intelligence (AI), machine learning (ML), and digital forensics in addressing cybercrime on the dark web, with a particular focus on cryptocurrency transactions. The research aims to:
- Examine the forensic role of blockchain, mobile devices, and computers.
- Highlight how AI/ML enhances dark web investigations.
- Identify critical gaps in host-based cryptocurrency forensics, especially mobile platforms.
- Propose forensic methodologies for law enforcement and cybersecurity professionals.
2. Contextual Background
Cybercrime—ranging from identity theft to terrorism financing—has surged with the rise of digital anonymity and decentralized technologies. Cryptocurrencies such as Bitcoin, Monero, and Ethereum are frequently used in dark web transactions, complicating traditional investigative methods.
The dark web, accessed via tools like the TOR browser, hosts encrypted marketplaces and forums that facilitate illicit activities. Its layered structure—comprising the surface web, deep web, and dark web—poses unique challenges for forensic investigators.
3. AI and ML in Cyber Forensics
The study emphasizes the transformative role of AI and ML in digital forensics:
- Machine learning classifiers like XGBoost, Random Forest, and Logistic Regression have demonstrated high accuracy in detecting fraudulent cryptocurrency transactions.
- Graph-based analysis of transaction networks enhances the identification of illicit nodes and money laundering patterns.
- Active learning strategies improve supervised model performance by focusing on high-value data points.
- Clustering algorithms, such as fuzzy C-means and K-means, help isolate relevant evidence from large datasets.
These technologies automate evidence discovery, reduce investigator workload, and enable predictive analytics for criminal behavior.
4. Host-Based Cryptocurrency Forensics
A major gap identified in the study is the lack of research on mobile-based cryptocurrency forensics. Most existing studies focus on outdated platforms like Windows 7 or legacy Android versions. Given the widespread use of mobile wallets, forensic tools must evolve to:
- Extract wallet data, public/private keys, and transaction metadata.
- Analyze volatile memory and encrypted storage.
- Adapt to newer operating systems like Android 13 and iOS 17.
Tools such as Cellebrite UFED and iFunBox are used to retrieve artifacts, but their effectiveness depends on OS-level security and app architecture.
5. Blockchain as a Forensic Tool
Blockchain’s immutable ledger offers a rich source of forensic evidence. Investigators employ techniques such as transaction mapping, cluster analysis, and targeting exchanges with KYC/AML compliance to trace illicit activity.
Despite its pseudonymity, blockchain analysis can reveal behavioral patterns and transaction histories. Tools like Elliptic, CipherTrace, and GraphSense support these efforts by de-anonymizing addresses and visualizing fund flows.
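The graph-based transaction analysis of Section 3 and the transaction mapping, cluster analysis and exchange-targeting techniques described here can be illustrated on a toy ledger. The following is an added example, not code from the article or from any of the tools it names; it assumes the common-input-ownership heuristic for clustering and a constructed label set marking one address as a deposit address at a KYC/AML-compliant exchange.

```python
from collections import defaultdict, deque

# Constructed sample ledger (not real chain data): input addresses spent
# together, and output addresses with amounts.
TXS = [
    {"txid": "tx1", "inputs": ["A1", "A2"], "outputs": {"B1": 5.0, "A3": 1.0}},
    {"txid": "tx2", "inputs": ["A3", "A4"], "outputs": {"B2": 2.5}},
    {"txid": "tx3", "inputs": ["B1"], "outputs": {"C1": 4.9}},
    {"txid": "tx4", "inputs": ["C1"], "outputs": {"EXCH-DEP-1": 4.8}},
    {"txid": "tx5", "inputs": ["B2"], "outputs": {"D1": 2.4}},
]
# Constructed label: deposit address attributed to a KYC/AML-compliant exchange.
EXCHANGE_DEPOSITS = {"EXCH-DEP-1"}

def cluster_addresses(txs):
    """Common-input-ownership heuristic via union-find: addresses spent together
    in one transaction are assumed to share a controlling wallet."""
    parent = {}
    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving keeps trees shallow
            a = parent[a]
        return a
    for tx in txs:
        root = find(tx["inputs"][0])
        for addr in tx["inputs"][1:]:
            parent[find(addr)] = root
    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(addr)].add(addr)
    # Map every input address to the frozen set of its cluster members.
    return {a: frozenset(c) for c in clusters.values() for a in c}

def trace_to_exchange(txs, start, exchange_addrs):
    """Breadth-first fund-flow walk from `start`: follow each output into the
    transaction that later spends it, until an output lands on a labelled
    exchange deposit. Returns the txids of the shortest path, else None."""
    spends = defaultdict(list)  # address -> transactions that spend it
    for tx in txs:
        for addr in tx["inputs"]:
            spends[addr].append(tx)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        addr, path = queue.popleft()
        for tx in spends[addr]:
            for out in tx["outputs"]:
                if out in exchange_addrs:
                    return path + [tx["txid"]]
                if out not in seen:
                    seen.add(out)
                    queue.append((out, path + [tx["txid"]]))
    return None
```

Once a path ends at an exchange deposit, the exchange's KYC records, obtainable through legal process, are what turn a pseudonymous cluster into an identifiable account holder.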
6. Dark Web Investigations
AI and ML are increasingly used to monitor and analyze dark web activities:
- Web crawling and data mining help identify hidden services and collect evidence.
- Natural Language Processing (NLP) and deep learning analyze chat logs and encrypted communications.
- Predictive analytics forecasts criminal behavior and emerging threats.
Interpol’s tools—such as Dark Web Monitor and GraphSense—enable tracking of cryptocurrency transactions and criminal networks. These systems classify entities, services, and crime types to support global investigations.
7. Legal and Ethical Challenges
The integration of AI in digital forensics raises several concerns:
- Legal professionals often lack understanding of AI processes, leading to skepticism about evidence admissibility.
- AI models may produce inconsistent outputs, challenging reproducibility in court.
- Centralized ML models pose privacy risks; federated learning offers a solution, but is complex to implement.
- AI can be weaponized by criminals through deepfakes, automated phishing, and adversarial attacks.
Addressing these challenges requires interdisciplinary collaboration and robust regulatory frameworks.
8. Machine Learning Algorithms in Cyber Forensics
The study reviews several ML algorithms used in forensic investigations. Random Forest and XGBoost are particularly effective in fraud detection and malware analysis. Support Vector Machines (SVM), K-Nearest Neighbors (KNN), and Naive Bayes are valued for their simplicity and efficiency. Deep learning models like DNN, LSTM, and GRU are increasingly used for handling complex data, especially in intrusion detection.
Integrating these algorithms with blockchain data enhances detection and attribution, enabling investigators to uncover hidden patterns and link transactions to specific entities.
9. Challenges in ML-Based Intrusion Detection
Implementing ML for anomaly-based intrusion detection faces several hurdles:
- Imbalanced datasets skew training and reduce accuracy.
- High false positive rates can overwhelm security systems.
- Resource constraints in IoT environments limit computational capacity.
- Privacy concerns arise from centralized data processing.
- Deep learning models, while accurate, require significant computational resources and may not be suitable for real-time applications.
Solutions include federated learning, parallel processing, and hybrid models that combine AI with traditional forensic techniques.
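The first two hurdles above, imbalanced training data and overwhelming false positive rates, are easiest to see on numbers. The following is an added example, not part of the article: it evaluates two constructed detectors on a constructed set of 1,000 flows with a 1% attack rate and converts the false positive rate into an expected daily alert load (the traffic volumes are assumptions).

```python
# Constructed evaluation set: 1,000 network flows, 10 of them attacks (1% base rate).
Y_TRUE = [1] * 10 + [0] * 990
# A "detector" that never alerts, i.e. always predicts the majority (benign) class.
PRED_NEVER = [0] * 1000
# A constructed detector: catches 8 of the 10 attacks, flags 20 of 990 benign flows.
PRED_MODEL = [1] * 8 + [0] * 2 + [1] * 20 + [0] * 970


def _ratio(num, den):
    return num / den if den else 0.0


def metrics(y_true, y_pred):
    """Confusion-matrix rates for a binary detector (1 = attack / alert)."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(t == 1 and p == 1 for t, p in pairs)
    fp = sum(t == 0 and p == 1 for t, p in pairs)
    fn = sum(t == 1 and p == 0 for t, p in pairs)
    tn = sum(t == 0 and p == 0 for t, p in pairs)
    return {
        "accuracy": _ratio(tp + tn, len(pairs)),
        "precision": _ratio(tp, tp + fp),  # share of alerts that are real attacks
        "recall": _ratio(tp, tp + fn),     # share of attacks actually caught
        "fpr": _ratio(fp, fp + tn),        # share of benign traffic alerted on
    }


def daily_alert_load(m, benign_per_day, attacks_per_day):
    """Expected alerts per day at a given traffic mix. False positives scale
    with benign volume, which is why a small FPR still floods the queue."""
    return m["fpr"] * benign_per_day + m["recall"] * attacks_per_day
```

On this data the never-alert detector scores 99% accuracy with zero recall, while the real detector scores lower accuracy (97.8%) yet catches 80% of attacks; at a million benign flows a day its 2% false positive rate still produces roughly 20,000 alerts to triage.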
10. Conclusions and Future Directions
Prof. El-Kady concludes that while blockchain-based forensics is advancing, host-based forensics—especially mobile platforms—requires urgent attention. Key recommendations include:
- Expanding forensic research on Monero, Ethereum, Verge, and Dogecoin.
- Developing AI-powered tools for mobile and memory forensics.
- Enhancing international collaboration and data sharing.
- Addressing legal admissibility and ethical concerns in AI-driven investigations.
The study calls for a holistic approach that combines technical innovation, legal reform, and global coordination to combat cybercrime in the age of digital currencies and dark web anonymity.