Detects timestomping and rename laundering for read-only digital forensics triage.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "Stomped" yet — see the docs or source repo.
Use Stomped on the SANS SIFT Workstation to perform a read-only analysis of this host image, focusing on timestomping detection, and provide suspicious files, timeline anomalies, and triage recommendations based on the USN change journal.
A DFIR triage report listing suspected timestomped files, timeline evidence, and recommended actions.
Analyze this forensic dataset with Stomped to find attempts to conceal activity through file renames or moves, reconstruct key path changes using the USN change journal, and flag high-risk objects.
Outputs rename and move chains, a list of suspicious objects, and descriptions of high-risk events.
Run Stomped for automated DFIR triage on the target system, using a read-only approach with a self-correcting analysis loop, and summarize the anomalies most worth manual review.
Generates an automated triage summary highlighting priority anomalies for manual review.
Detect NTFS timestomping safely for automated forensic triage without modifying evidence.
Turn AI into an autonomous DFIR analyst on SANS SIFT.
Wrap SANS SIFT forensic tools for structured incident response and threat analysis.
Perform read-only disk image triage with self-verifying, tamper-resistant forensic analysis.
Create tamper-evident audit trails and observability records for AI agents.
Detect and fix LLM-style prose patterns to improve writing quality.