Autonomous DFIR agent driving SANS SIFT forensic tools via an MCP server + LangGraph, with guardrails and a hash-chained audit trail.
Updated Jun 16, 2026 - Python
AI-assisted digital forensics lab — 12 tools, 3 runtimes, one-command automation
A self-correcting, contradiction-aware DFIR agent for Protocol SIFT. Detects conflicts between memory/disk/log/network artefacts, self-corrects, and produces evidence-backed reports.
A 'code-mode' MCP server that allows LLMs to safely generate and execute JavaScript code that calls command-line forensic tools, performs analysis, and employs traditional machine learning algorithms and probabilistic reasoning using SIFT workstation, for autonomous DFIR investigations.
Evidence-Contract Autonomous IR Agent — the agent that structurally cannot lie. SANS FIND EVIL! Hackathon submission.
VERDICT — autonomous Windows DFIR agent for SANS FIND EVIL! 2026. Plan-then-Execute LangGraph + Claude Agent SDK + SGLang. Cloud / air-gap / dual modes. Forensic discipline encoded at the schema layer. Full-stack, no mocks.
Bounded autonomous DFIR triage for SIFT and Protocol SIFT.
DeepSIFT - A zero-hallucination autonomous DFIR agent for the SANS SIFT Workstation. 148 typed, audited, guard-railed MCP forensic tools with per-claim grounding verification, 4-axis confidence scoring, and an HMAC-signable chain of custody.
Evidence-grounded autonomous incident response: an MCP server giving an AI agent a typed SIFT/Volatility forensic toolset where every finding traces to a cryptographically-receipted tool execution.
An autonomous, multi-agent DFIR orchestrator. LogPose utilizes custom MCP boundaries to safely execute SIFT tools and synthesize breach data into actionable timelines at machine speed.
Autonomous multi-agent DFIR orchestrator — Splunk alerts trigger AI triage, findings pushed back to Splunk. 100% precision, 0 hallucinations. Claude + SIFT + Go MCP Server.
Autonomous evidence-grounded DFIR agent for the SANS Find Evil hackathon — every finding validated against SHA-256-sealed tool output by an LLM-free verifier.
Autonomous forensic investigation agent with self-correction for SANS SIFT Workstation. 21 typed MCP tools, 7 contradiction detectors, evidence-weighted confidence scoring. Built for SANS Find Evil! Hackathon.
Self-correcting AI agent for DFIR — FIND EVIL! Hackathon 2026