Full Description
This two-volume set, LNICST 685 and 686, constitutes the refereed post-conference proceedings of the 16th EAI International Conference on Digital Forensics and Cyber Crime, ICDF2C 2025, held in Miami, FL, USA, during November 17-19, 2025.
The 66 full papers and 1 poster paper included in these volumes were carefully reviewed and selected from 163 submissions. They have been organized in the following topical sections:
Part I: AI and Machine Learning in Digital Forensics: Papers applying AI, LLMs, and deep learning to detect anomalies, enhance forensics, or improve model reliability; Digital Forensics and Incident Response: Focused on forensic investigation, evidence recovery, data analysis, and structured workflows; Adversarial Machine Learning and Attack Detection: Addressing adversarial AI, attack simulation, and defensive mechanisms; and Cyber Threat Intelligence and Malware Analysis: Focus on malware detection, honeynets, phishing, traffic analysis, and intrusion defense.
Part II: Cyber Threat Intelligence and Malware Analysis: Focus on malware detection, honeynets, phishing, traffic analysis, and intrusion defense; Digital Evidence Management, Blockchain, and Privacy: Addressing blockchain forensics, data provenance, and privacy-preserving computation; Critical Infrastructure and Cyber-Physical Security: Cyber resilience in physical and industrial systems, including IoT, satellites, and SCADA; Legal, Policy, and AI Governance in Digital Forensics: Studies bridging AI governance, digital law, compliance, and socio-technical policy; and Posters & Demos.
Contents
.- Cyber Threat Intelligence and Malware Analysis: Focus on malware detection, honeynets, phishing, traffic analysis, and intrusion defense.
.- An encrypted traffic classification method based on Mamba and wavelet transform convolution.
.- MFETD: Multimodal Feature Fusion for Encrypted Traffic Detection based on Transformer.
.- Online Learning for Android Malware Detection under Concept-Drift.
.- Evaluating the Impact of Honeynets on Malicious Activity in Home Network Environments.
.- Revealing the Intents: Malware Protocol Semantic Inference using Large Language Models.
.- PhishIntentionLLM: Uncovering Phishing Website Intentions through Multi-Agent Retrieval-Augmented Generation.
.- APT-Agent: A Training-Free, Unsupervised, LLM-Based Multi-Agent Framework for Interpretable Advanced Persistent Threat Detection.
.- Digital Evidence Management, Blockchain, and Privacy: Addressing blockchain forensics, data provenance, and privacy-preserving computation.
.- Blockchain-based vs. SQL Database Systems for Digital Twin Evidence Management: A Comparative Forensic Analysis.
.- FAIR-MPC: Secure and Auditable SMPC for Anonymous Financial Collaboration.
.- Privacy-Preserving k-Bitruss Community Query over Encrypted Bipartite Graphs.
.- Towards Regulated and Accountable Privacy-Preserving Retrieval for Digital Forensics: A Cryptographic Design Framework.
.- Automatic Recovery of Cryptowallets from Mnemonic Seed Phrases.
.- AnchorMark: Real-World Anchor-Based Watermarking for Digital Content Authentication and Manipulation Detection.
.- Critical Infrastructure and Cyber-Physical Security: Cyber resilience in physical and industrial systems, including IoT, satellites, and SCADA.
.- Resilient Satellite Cybersecurity: Integrating NIST and AI Governance.
.- An Enhanced Federated Machine Learning Approach for Decentralized Water Contamination Detection.
.- DepFieldGen: Research on Dependent Field Generation for Secure ICS Protocols.
.- A ROSI-Based Framework with Zero Trust Architecture: Interdependent Risks and Cybersecurity Investment.
.- Accelerating Criminal Investigations with TRACY.
.- Legal, Policy, and AI Governance in Digital Forensics: Studies bridging AI governance, digital law, compliance, and socio-technical policy.
.- Retrospective Analysis of Legal Documents Using Hybrid AI - A Preliminary Empirical Study of Historical Search Warrant Processing.
.- Where the Money Is: Shadow AI Risks to Family Offices and the Wealth Management Sector.
.- Chances and Challenges of the Model Context Protocol in Digital Forensics and Incident Response.
.- SCOPE - Activity Recognition Using Temporally Dominant Topic Identification In Forensic Chat Analysis.
.- Automating Cloud Security and Forensics Through a Secure-by-Design GenAI Framework.
.- Understanding Online Grooming Through LLMs: Stage Detection and Linguistic Patterns.
.- Emerging Research, Tools, and Experimental Frameworks: Novel methods, datasets, and future directions in digital forensics and cybersecurity.
.- Graph Neural Networks for Video Device Identification.
.- WebHunter: An LLM-Agent with Exploit Planning and Tool Collaboration for Automated SQL Injection.
.- AFLTrans: An Intelligent Generative Fuzz Testing Method for Binary Programs Based on Transformer.
.- HLSEn: High-level Semantic Awareness Pseudo-code Encoding for Binary Code Similarity Detection.
.- SolDataVul-LLaMA Dataset: a LLM-driven construction method and detection research of smart contract vulnerability dataset in data trading scenarios.
.- The sample classification method accelerates the efficiency of robustness verification.
.- MuLImg-SCV: Multi-Label Vulnerability Classification of Smart Contracts Based on RGB Image.
.- On the Security of the RDHEI by Binary Symmetric Channel and Polar Code.
.- Posters & Demos.
.- Enhancing Trust in VideoKYC: Deepfake Detection and Source Attribution.



