3rd World Congress on Smart Computing
(WCSC2026)

Organized by  

Soft Computing Research Society

in Association with 

International Auditors for Digital and Data Management Association, Bangkok, Thailand

Venue

Novotel Bangkok on Siam Square, Bangkok, Thailand

January 10-11, 2026 

The post-conference proceedings of WCSC 2026 will be published in the Springer book series ‘Lecture Notes in Networks and Systems’.

Rahul Karne

DFIR-Chain - Integrating Memory Forensics, YARA Scanning, and LLM Summarization for Automated Triage

Abstract:

Digital forensics and incident response (DFIR) must evolve to deal with increasingly complex memory-resident threats and the ever-increasing volume of volatile data. In response, DFIR-Chain is introduced, an integrated toolchain that brings together traditional memory forensics (Volatility 3), signature scans (YARA and IOC matching), string extraction, and large language model (LLM) summarization (via LangChain and an Ollama-served Mistral model) to automate the triage of compromised systems. DFIR-Chain produces visual process trees, a timeline of events (using Graphviz), and a narrative report of findings. The system is evaluated using an accurate memory snapshot from a publicly available capture-the-flag (CTF) image, and the evaluation shows how each DFIR component contributes to the high-fidelity detection of malware. A preliminary ablation study shows that removing even one of the components, such as YARA or LLM summarization, leads to a drop of as much as 10 percent in the F1 score. This work displays how LLM techniques combined with expert signatures offer possibilities to create AI-supported reports with higher reliability than automated approaches. This work also considers how DFIR-Chain factors into the picture as a counterpart against traditional and most recently developed machine learning-based DFIR tools and automated triage systems, and our use of LLMs for forensic report narratives is one way this effort reaches beyond the community to understand better how memory forensics can meet incident response needs. DFIR-Chain represents an improved method for providing investigatory accuracy and efficiency and shows a non-therapeutic approach forward in the form of memory forensics for incident response.

Profile:

Rahul Karne is a Senior Cyber Incident and Digital Forensics Analyst with extensive experience spanning digital forensics and incident response (DFIR), cloud security, application security, and enterprise vulnerability management. He currently serves at American Airlines, where he leads large-scale investigations involving digital forensics, employment and immigration fraud, data exfiltration, and insider threat scenarios, collaborating closely with legal, corporate security, and internal investigation teams. Rahul has managed over a thousand investigations and has developed custom automation tools and incident response playbooks to enhance forensic efficiency and evidence integrity.

Previously, Rahul held security leadership and engineering roles at Caterpillar and Amazon Web Services, where he contributed to DevSecOps integration, enterprise vulnerability lifecycle management, cloud security architecture, and large-scale security service deployments for Fortune 500 clients. His work has resulted in significant cost savings, improved detection capabilities, and strengthened organizational security posture.

Rahul holds two master’s degrees in Information Systems Security and Computer Science and is an active member of IEEE and ACM. He has authored multiple peer-reviewed publications in cybersecurity and applied artificial intelligence and is currently pursuing patent work focused on advanced forensic analysis systems.