Investigate disk and memory evidence with adversarial AI agents for DFIR.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "EvidenceGene Court" yet — see the docs or source repo.
Using the read-only disk image and memory evidence, have the Prosecutor propose an intrusion-chain hypothesis, the Defender challenge weak evidence, and the Arbiter deliver a final judgment with verifiable IOCs, a timeline, and high-risk processes.
A structured forensic report with the attack timeline, key evidence, disputed points, IOC list, and final ruling.
For a suspicious process found in memory, analyze its parent-child process tree, loaded modules, network connections, and persistence clues; use an adversarial prosecutor-defender review to assess whether it is malware and state the confidence level.
A pro-and-con assessment of the process, evidence strength analysis, and a confidence-scored malware verdict.
Summarize this disk and memory forensic investigation as a case review: include the investigation goal, key findings, evidence sources, unresolved questions, and recommended next steps for a security team lead.
A concise review summary for a team lead, suitable for communicating conclusions and next actions.
Turn AI into an autonomous DFIR analyst on SANS SIFT.
Perform read-only disk image triage with self-verifying, tamper-resistant forensic analysis.
Automate disk image forensics, malware scanning, and courtroom-ready reporting.
Conduct forensic investigations with evidence-linked, verifiable analysis and reduced hallucinations.
Analyze memory dumps for forensic investigations with fast, plugin-rich workflows.
Analyze disk images with AI through MCP for fast forensic investigation.