Forensic Analysis of Artifacts from Microsoft's Multi-Agent LLM Platform AutoGen

Document Type

Conference Proceeding

Publication Date

7-30-2024

Abstract

Innovations in technology bring new challenges that need to be addressed, especially in the field of technical artifact discovery and analysis that enables digital forensic practitioners. Digital forensic analysis of these innovations is a constant challenge for digital investigators. In the rapidly evolving landscape of Artificial Intelligence (AI), keeping up with the digital forensic analysis of each new tool is a difficult task. New, advanced Large Language Model (LLM)s can produce human-like artifacts because of their complex textual processing capabilities. One of the newest innovations is a multi-agent Large Language Model (LLM) framework by Microsoft called AutoGen. AutoGen enables the creation of a team of specialist Large Language Model (LLM)-backed agents where the agents "chat"with each other to plan, iterate, and determine when a given task is complete. Typically one of the agents represents the human user while the other agents work autonomously after the human gives each agent a responsibility on the team. Thus, from a digital forensics perspective, it is necessary to determine which artifacts are created by the human user and which artifacts are created by the autonomous agents. Analysis in this work indicates that the current implementation of AutoGen has little in artifacts for attribution outside of particular memory artifacts, yet has strong indicators of usage in disk and network artifacts. Our research provides the initial account on the digital artifacts of the Large Language Model (LLM) technology AutoGen and first artifact examination for a Large Language Model (LLM) framework.

Publication Source (Journal or Book title)

ACM International Conference Proceeding Series

This document is currently not available here.

Share

COinS