Autonomous DFIR agent driving SANS SIFT forensic tools via an MCP server + LangGraph, with guardrails and a hash-chained audit trail.
Updated Jun 14, 2026 - Python
An autonomous, multi-agent DFIR orchestrator. LogPose utilizes custom MCP boundaries to safely execute SIFT tools and synthesize breach data into actionable timelines at machine speed.
Autonomous multi-agent DFIR orchestrator — Splunk alerts trigger AI triage, findings pushed back to Splunk. 100% precision, 0 hallucinations. Claude + SIFT + Go MCP Server.
VERDICT — autonomous Windows DFIR agent for SANS FIND EVIL! 2026. Plan-then-Execute LangGraph + Claude Agent SDK + SGLang. Cloud / air-gap / dual modes. Forensic discipline encoded at the schema layer. Full-stack, no mocks.
Evidence-Contract Autonomous IR Agent — the agent that structurally cannot lie. SANS FIND EVIL! Hackathon submission.
Autonomous evidence-grounded DFIR agent for the SANS Find Evil hackathon — every finding validated against SHA-256-sealed tool output by an LLM-free verifier.
DeepSIFT - A zero-hallucination autonomous DFIR agent for the SANS SIFT Workstation. 148 typed, audited, guard-railed MCP forensic tools with per-claim grounding verification, 4-axis confidence scoring, and an HMAC-signable chain of custody.
Autonomous forensic investigation agent with self-correction for SANS SIFT Workstation. 21 typed MCP tools, 7 contradiction detectors, evidence-weighted confidence scoring. Built for SANS Find Evil! Hackathon.
Self-correcting AI agent for DFIR — FIND EVIL! Hackathon 2026
Evidence-grounded autonomous incident response: an MCP server giving an AI agent a typed SIFT/Volatility forensic toolset where every finding traces to a cryptographically-receipted tool execution.