Full Description
This two-volume set, LNICST 685 and 686, constitutes the refereed post-conference proceedings of the 16th EAI International Conference on Digital Forensics and Cyber Crime, ICDF2C 2025, held in Miami, FL, USA, during November 17-19, 2025.
The 66 full papers and 1 poster paper included in these volumes were carefully reviewed and selected from 163 submissions. They have been organized in the following topical sections:
Part I: AI and Machine Learning in Digital Forensics: Papers applying AI, LLMs, and deep learning to detect anomalies, enhance forensics, or improve model reliability; Digital Forensics and Incident Response: Focused on forensic investigation, evidence recovery, data analysis, and structured workflows; Adversarial Machine Learning and Attack Detection: Addressing adversarial AI, attack simulation, and defensive mechanisms; and Cyber Threat Intelligence and Malware Analysis: Focus on malware detection, honeynets, phishing, traffic analysis, and intrusion defense.
Part II: Cyber Threat Intelligence and Malware Analysis: Focus on malware detection, honeynets, phishing, traffic analysis, and intrusion defense; Digital Evidence Management, Blockchain, and Privacy: Addressing blockchain forensics, data provenance, and privacy-preserving computation; Critical Infrastructure and Cyber-Physical Security: Cyber resilience in physical and industrial systems, including IoT, satellites, and SCADA; Legal, Policy, and AI Governance in Digital Forensics: Studies bridging AI governance, digital law, compliance, and socio-technical policy; and Posters & Demos.
Contents
.- AI and Machine Learning in Digital Forensics: Papers applying AI, LLMs, and deep learning to detect anomalies, enhance forensics, or improve model reliability.
.- Fine-Tuning Large Language Models for Anomaly Detection in Distributed System Logs.
.- Generative AI-Driven Anomaly Detection in Soil Electrical Conductivity Using Temporal Autoencoders.
.- Autoencoder-Based Intrusion Detection: A Hybrid Deep Learning Approach.
.- Memory-Recall-Based Watermarking for Data Misuse Detection in Large Language Models.
.- Comparative Study of Quantum and Classical Layers in Hybrid Quantum Neural Networks.
.- Automated Injury Severity Assessment Using Knowledge Grounded Large Language Models.
.- A Machine Learning Approach for Intrusion Detection in Drone Communication Networks.
.- MRES-S: Multi-scale Deep Learning Network for Hardware Trojan Detection.
.- MSMC-MobileNet: An Automated Multi-Scale and Multi-Contextual MobileNetv3 for Malware Detection Based on IoT.
.- LLM4PDF: Semantic-Aware Malicious PDF Detection Using LLMs.
.- LMBE: Unsupervised Detection of Lateral Movement via User Behavior Embedding.
.- Digital Forensics and Incident Response: Focused on forensic investigation, evidence recovery, data analysis, and structured workflows.
.- Analyzing Digital Forensic Data Using Process Mining Techniques: A Case Study.
.- Digital Forensic Investigation of Social Robots: Zenbo, Zenbo Jr., and Misty II as Case Studies.
.- iOS Cookie Forensics with Autopsy Tool.
.- What's Next, Cloud? A Forensic Framework for Analyzing Self-Hosted Cloud Storage Solutions.
.- Improving the forensic integrity of Mark-of-the-Web (MOTW) files.
.- A Methodology for Event Log Generation from Unstructured Digital Forensics Data.
.- Toward Structured Memory Forensics: A MITRE ATT&CK-Aligned Workflow for Malware Investigation.
.- MALDroid: An Explainable Android Malware Detection Framework Leveraging Temporal and Semantic Contextual Features.
.- A Real-Time Face Swap Detection Model for Video Chatting Scams.
.- LLM-Assisted Digital Forensic Investigations of Prompt Injection Attacks: Evidence Analysis and Representation.
.- Integration of NLP in Digital Forensics: A Pilot Study of Practitioner Perceptions on Chat Data Analysis Tools.
.- An LLM-Driven Iterative Workflow for Ontological Mapping of Digital Forensic Artifacts.
.- Adversarial Machine Learning and Attack Detection: Addressing adversarial AI, attack simulation, and defensive mechanisms.
.- Securing Federated Learning: A Hybrid Defense Against Poison Injection Attacks in LLM.
.- Temporal Sparse Black-Box Adversarial Attack on Deepfake Video Detection Models.
.- A Reward-driven Automated Webshell Malicious-code Generator for Red-teaming.
.- Detecting Container Escape Attacks via Graph Neural Networks on System Call Graphs.
.- ShellSight-LLM: Detecting Successful Webshell Intrusions via Optimized LLM.
.- Threshold-driven: Reversible Adversarial Face Examples via Latent Diffusion Model.
.- Talking Like a Phisher: LLM-Based Attacks on Voice Phishing Classifiers.
.- Deepfake Forensics Adapter: A Dual-Stream Network for Generalizable Deepfake Detection.
.- Cyber Threat Intelligence and Malware Analysis: Focus on malware detection, honeynets, phishing, traffic analysis, and intrusion defense.
.- FedHAP-MTD: Personalized Federated Malicious Traffic Detection Based on Hierarchical Updating and Adaptive Learning.
.- Validation of IP Reputations Through Redirection of Unsolicited Network Traffic to an Interactive Honeynet.
.- A Malicious IoT Traffic Detection Method Based on Recursive Feature Addition Using Graph Neural Network.



