VERITAS

Autonomous Windows forensic investigation. Every confirmed finding backed by a physical artifact — not model confidence.

How It Works Try It Out GitHub


The one-line version

Disk Agent + Memory Agent investigate on separate evidentiary layers. The Forensic Auditor challenges every finding independently. CONFIRMED requires a positive return value from a real forensic tool. Model confidence counts for nothing.


Results — 4 hosts, SANS FIND EVIL! 2026 case data

Host Investigated Confirmed Refuted Time Cost
nfury (10.3.58.6) 19 candidates 15 4 16 min $14
tdungan (10.3.58.7) 17 candidates 13 4 15 min $14
nromanoff (10.3.58.5) 7 candidates 3 4 15 min $14
rocba (192.168.1.5) — C2 node 5 candidates 1 4 23 min ~$14
Total 48 32 16 < $60

Exactly 4 refutals per host across all four investigations. Every confirmed finding independently reproducible from the audit log with one shell command.

View live investigation reports with full Auditor transcripts →


Quick start

git clone https://github.com/sassom2112/find-evil-2026.git
cd find-evil-2026
python3 -m venv forensics_env
source forensics_env/bin/activate
pip install -r requirements.txt
export ANTHROPIC_API_KEY="sk-ant-..."
# Terminal 1 — MCP forensic tool server
source forensics_env/bin/activate
python3 custom-agent/sift_server.py
# Terminal 2 — full investigation
source forensics_env/bin/activate
python3 custom-agent/investigate.py --case /mnt/hostname
# Fast triage — no API key, < 10 seconds
source forensics_env/bin/activate
python3 fast-triage/fast_triage.py /mnt/hostname

Requires a Windows disk image mounted read-only on a SANS SIFT Workstation. The venv step is required on SIFT — Debian 12 blocks system-wide pip installs by default.

Campaign mode — multi-host investigation

# First host — baseline investigation
python3 custom-agent/investigate.py --case ~/cases/nfury

# Second host — seed with confirmed IOCs from first host
python3 custom-agent/investigate.py --case ~/cases/tdungan nfury

# Third host — all prior confirmed artifacts injected
python3 custom-agent/investigate.py --case ~/cases/nromanoff nfury tdungan

Host names resolve to reports/<host>-iocs.json. Only Auditor-confirmed artifacts propagate — hallucinations that were refuted on the first host cannot contaminate the next investigation.


The security boundary

Every forensic action flows through one MCP primitive: run_terminal_command. Four gates execute in Python before any subprocess call — hard-blocked injection tokens, 53-binary SIFT allowlist, quote-aware pipeline parser, and a write-target guard that enforces reports/ via os.path.realpath(). Evidence modification is structurally impossible, not prompt-dependent.

Full architecture →


SANS FIND EVIL! Hackathon 2026  ·  Custom MCP Server + Multi-Agent Adversarial Pipeline  ·  MIT License