Authors : Onyagu Chika Lilian; Ifeanyichukwu Oluchukwu Aniakor; Obidike Chukwuemeka Augustine; Adigwe Amaka Raechel; Edeh Hyacinth

Volume/Issue : Volume 11 - 2026, Issue 5 - May

Google Scholar : https://tinyurl.com/5hfv95ua

Scribd : https://tinyurl.com/3a3zfbht

DOI : https://doi.org/10.38124/ijisrt/26May1257

Note : A published paper may take 4-5 working days from the publication date to appear in PlumX Metrics, Semantic Scholar, and ResearchGate.

Abstract : Serverless cloud computing is becoming increasingly popular due to its scalability, flexibility, and ease of infrastructure administration. Platforms such as AWS Lambda and Knative support event-driven execution of applications without direct server administration. However, the transitory and distributed nature of serverless settings poses substantial hurdles to digital forensics, notably in the acquisition, retention, and analysis of volatile memory artifacts. Traditional forensic techniques are often ineffective because critical evidence may disappear rapidly, while the large volume of generated artifacts complicates incident investigation and response. Furthermore, many AI-based forensic systems use black-box models, which reduces transparency and trust in forensic decision-making. This study presents an Explainable Artificial Intelligence (XAI)-based system for memory artifact triage in serverless cloud computing settings. The framework integrates Graph Neural Networks (GNNs) for analyzing relationships among forensic artifacts, explainability techniques such as SHAP, LIME, and GNNExplainer for interpretable decision-making, and Large Language Models (LLMs) for generating human-readable forensic explanations. Memory artifacts including processes, API calls, execution traces, and network interactions, are represented as graph structures to support anomaly detection, artifact classification, and suspicious behavior identification. The explainability layer reveals the reasoning behind forensic choices, enhancing accountability and forensic validation. The suggested framework improves forensic readiness, evidence prioritization, transparency, and incident response efficiency in cloud-native systems, while adhering to standards like ISO/IEC 27037. The report also highlighted issues with scalability, privacy, and the ethical implications of auditable AI in digital investigations.

Keywords : Serverless Forensics; Explainable AI; Memory Triage; Graph Neural Networks; Cloud Security.

References :

1. F. Idugboe, W. Junior, and V. Castro, "Cloud Forensic Tools and Storage: A Systematic Mapping Study," International Journal of Innovative Science and Research Technology, vol. 3, no. 3, pp. 54–64, 2026. https://doi.org/10.5281/zenodo.19313810
2. S. Kavyadharshni, B. Dharciga, and A. S. Vs, "Challenges in Serverless Computing," vol. 03, pp. 1154–1157, 2025.
3. S. Kumar and P. Meenalochini, "Explainable AI for Reliable and Transparent Cloud Security Solutions," vol. 2, no. 6, pp. 1–19.
4. H. Nyholm, K. Monteith, S. Lyles, M. Gallegos, M. Desantis, J. Donaldson, and C. Taylor, "The Evolution of Volatile Memory Forensics," pp. 556–572, 2022.
5. R. D. Syahputri, A. Anggono, and M. Djasuli, "Evolution and Research Opportunities of Digital Forensic Tools: A Bibliometric Analysis," vol. 10, no. 2, pp. 474–485, 2024.
6. A. K. Words, D. Learning, and M. Analysis, "A Novel Study on Intelligent Methods and Explainable AI for Dynamic Malware," 2019.
7. D. E. Date, "Explainable AI in Malware Analysis and Detection," 2023.
8. M. Song, "Explainable AI in Malware Analysis: A Human-Centric Approach," 2023.
9. T. Shehzadi, "Serverless Computing Architectures and Applications in AWS," 2023.
10. C. James, "Comparative Analysis of Explainable AI Techniques in Malware Detection," 2023.