| A Local Hierarchical LLM Framework for Privacy-Preserving Memory Forensics of Cryptocurrency Wallets | |
|---|---|
| 學年 | 114 |
| 學期 | 2 |
| 出版(發表)日期 | 2026-04-09 |
| 作品名稱 | A Local Hierarchical LLM Framework for Privacy-Preserving Memory Forensics of Cryptocurrency Wallets |
| 作品名稱(其他語言) | |
| 著者 | Hsin-Hsiung Kao; Joe-Mei Feng; Chen-Yu Li; Cheng-Hung Lin |
| 單位 | |
| 出版者 | |
| 著錄名稱、卷期、頁數 | IEEE Access 14 , p. 55891-55902 |
| 摘要 | Cryptocurrency-related crime continues to expand worldwide. Chainalysis reports that the global value of illicit cryptocurrency transactions has exceeded USD 50 billion, underscoring an urgent need for more advanced digital forensics. Cryptocurrency investigations are particularly difficult when critical evidence resides in volatile memory. Traditional workflows are time-consuming and heavily manual. Cloud-based large language models (LLMs) also pose unacceptable privacy risks in confidential law-enforcement investigations. This paper presents a multi-layer reasoning framework that integrates LangChain with a locally deployed LLM (LLaMA 3.1-8B). The framework acquires volatile evidence via memory dumping, extracts forensic artifacts via keyword and regular-expression search, and performs three-stage reasoning with a Single-Layer Baseline Architecture, a Dual-Layer Supervisor Architecture, and a Tri-Layer RAG-Decider Architecture. We evaluate the framework on 100 purpose-built crypto-wallet forensic questions. The Tri-Layer architecture achieves an average human-evaluation total score of 11.29, which is an 8.9% improvement over the Single-Layer baseline. It also reaches a BERT F1 score of 0.84 in automated metrics, improving by 15.1%. Notably, the local Tri-Layer system performs very close to the commercial cloud model ChatGPT-4o (only a 0.3% gap overall) and surpasses it on the reasoning dimension. These results demonstrate that local LLM deployment can effectively support memory forensics under strict confidentiality and limited compute resources. The proposed approach offers a practical, low-cost, and privacy-preserving tool for digital investigations. It also shows that optimized lightweight local models can approach the analytical quality of cloud-scale models. |
| 關鍵字 | |
| 語言 | zh_TW |
| ISSN | 2169-3536 |
| 期刊性質 | 國內 |
| 收錄於 | |
| 產學合作 | |
| 通訊作者 | |
| 審稿制度 | 否 |
| 國別 | TWN |
| 公開徵稿 | |
| 出版型式 | ,電子版 |
| 相關連結 |
機構典藏連結 ( http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/129192 ) |
GoogleAnalytics