diff --git a/AI4Forensics/CKIM2024/CIKM2024_PPTs.pdf b/AI4Forensics/CKIM2024/CIKM2024_PPTs.pdf
new file mode 100644
index 0000000..55bfe60
Binary files /dev/null and b/AI4Forensics/CKIM2024/CIKM2024_PPTs.pdf differ
diff --git a/AI4Forensics/CKIM2024/readme.md b/AI4Forensics/CKIM2024/readme.md
index b2625b3..b445a25 100644
--- a/AI4Forensics/CKIM2024/readme.md
+++ b/AI4Forensics/CKIM2024/readme.md
@@ -27,7 +27,7 @@ By fostering a collaborative learning environment, this tutorial aims to empower
 
 ---
 
-## Table of Contents
+## Table of Contents [PPT](CIKM2024_PPTs.pdf)
 
 - Introduction
 - [Forensic evidence entity recognition (hands-on lab)](#forensic-evidence-analysis)
@@ -46,9 +46,9 @@ By fostering a collaborative learning environment, this tutorial aims to empower
 
 ### Forensic Evidence Analysis
 
-The cyber incident report documents a conversation between an IT Security Specialist and an Employee about an email phishing attack. We use LLMs to identify evidence entities and relationships and to construct digital forensic knowledge graphs.
+The [Cyber incident report](PhishingAttack/PhishingAttackScenarioDemo/conversation.txt) documents a conversation between an IT Security Specialist and an Employee about an email phishing attack. We use LLMs to identify evidence entities and relationships and to construct digital forensic knowledge graphs.
 
-Here is an example of a reconstructed digital forensics knowledge graph:
+Here is an example of a reconstructed digital forensics knowledge graph using an LLM only:
 
 <img src="PhishingAttack/PhishingAttackScenarioDemo/05_output_viz.png" width="400">