Logo Politecnico di Torino
ENIT
WebThesis

Design, Implementation and Evaluation of LLM-based Agents for Forensic Analysis

Stefano Fumero

Design, Implementation and Evaluation of LLM-based Agents for Forensic Analysis.

Rel. Danilo Giordano, Francesco De Santis, Marco Mellia. Politecnico di Torino, Master of science program in Computer Engineering, 2025

[thumbnail of Tesi_di_laurea]
Preview
 PDF (Tesi_di_laurea) - Thesis
Licence: Creative Commons Attribution.
Download (1MB) | Preview

Abstract

Large Language Model (LLM) based agents are increasingly adopted for the automation of complex tasks. In this thesis, I systematically study their capabilities and limitations in cybersecurity forensics. Building upon a publicly available cybersecurity benchmark, I designed and evaluated a modular multi-agent system for forensic analysis. I first addressed two fundamental limitations of LLMs: the lack of long-term memory and the inability to access up-to-date knowledge. To overcome these challenges, I added a semantic memory module for storing and retrieving information and a web search tool (RAG) for external knowledge retrieval. Leveraging these solutions, I then enhanced the agent architecture through iterative refinements.

The initial design relied on a single monolithic agent, while later versions added specialized components, including a PCAP Flow Reporter and a Log Reporter for traffic and log analysis

Relators

Danilo Giordano, Francesco De Santis, Marco Mellia

Academic year

2025/26

Publication type

Electronic

Number of Pages

68

Course of studies

Master of science program in Computer Engineering

Classe di laurea

New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING

Aziende collaboratrici

Politecnico di Torino

URI

https://webthesis.biblio.polito.it/id/eprint/37685
Modify record (reserved for operators) Modify record (reserved for operators)
Logo Politecnico di Torino