-
Notifications
You must be signed in to change notification settings - Fork 5
Phase 1
Juwon1405 edited this page May 3, 2026
·
17 revisions
This page is the operator's-eye summary of Phase 1 — what is shipping for SANS FIND EVIL! 2026.
For the full roadmap context (Phases 2 / 3 / 4 too), see Roadmap.
Phase 1 is the agentic DFIR layer — the autonomous reasoning loop that takes a single forensic case end-to-end with an architecturally enforced read-only boundary, an audit chain that survives reboot, and a contradiction handler that cannot be smoothed over.
-
60 typed forensic functions on the MCP wire (35 native + 25 SIFT Workstation adapters). Anything outside the surface (
execute_shell,write_file,mount,eval) raisesToolNotFoundregardless of prompt content. Asserted by 6-test bypass suite. - SHA-256 chained audit log. Every MCP call hashed and chained. Tamper breaks the chain. 50 threads × 20 calls = 1000-entry audit chain verified concurrent-safe (v0.4.1 fix).
-
Path sandbox.
_safe_resolverejects../, null bytes, absolute escapes, paths >1024 chars. -
Contradiction enforcement.
dart-corrflagsUNRESOLVEDbetween artifacts. Serializer rejects findings that ignore unresolved contradictions. - Audit-id citation. Every finding cites the audit ID of the call that produced it. Serializer rejects findings without one.
These five guarantees are the load-bearing architecture for all four phases. Phase 2 / 3 / 4 are extensions, not replacements.
| OS | Coverage |
|---|---|
| Windows | EVTX, MFT, AmCache, Prefetch, ShimCache, Shellbags, USB history, Registry, Scheduled Tasks, Kerberos, Windows logons |
| Linux (v0.4 — 2026-04-30) | auditd, systemd-journal, bash history, /etc/passwd, web access logs, Unix auth logs |
| macOS (v0.4 — 2026-04-30) | unified log, launchd plists, bash history |
| Memory + Network | process tree, open sockets, credential signals |
11 of 12 MITRE ATT&CK enterprise tactics covered. The 12th — Command and Control — is partial (process-side only; full PCAP-based C2 deferred to Phase 2).
| Playbook | Lines | Status |
|---|---|---|
senior-analyst-v1.yaml |
128 | Quick-demo baseline |
senior-analyst-v2.yaml |
845 | Methodology baseline (Mandiant + Bianco + Diamond + 25 references) |
senior-analyst-v3.yaml ⭐ |
1135 | Default. Industrialization release — adds Palantir ADS + MaGMa UCF + TaHiTI hunt cycle + Bianco HMM. 42 references. |
See dart-playbook for the deep dive.
- 31 of 31 tests passing on a fresh clone (Python 3.10 + 3.12 CI matrix)
- 6 dedicated bypass tests asserting
ToolNotFound - Demo run completes in <1 second on SIFT v22.04
- Two reproducible case-study walkthroughs:
- 26-page wiki (this very wiki you are reading)
- The Memex Bet — frames Agentic-DART in the lineage from Vannevar Bush 1945 → Karpathy 2026 → Agentic-DART
- About the name — what DART means and why it expands cleanly
- Threat model — what we defend against and what we explicitly do NOT defend against
- 4-minute SANS demo video (mock-screencast pre-cut shipped; live screencast in flight per #14)
| Item | Status | Issue |
|---|---|---|
| Live screencast on SANS SIFT v22.04 | 🟡 In progress | #14 |
| Devpost submission click (T-2 = 2026-06-13) | 🟡 Scheduled | #15 |
| Ali Hadi Memory Forensic Challenge #1 accuracy | 🟡 In progress | #16 |
| NIST CFReDS Hacking Case re-measure (post T1070.006 tightening) | ⏰ TODO | #1, #17 |
| Digital Corpora M57 Patents accuracy | ⏰ TODO | #18 |
After 2026-06-15, Phase 1 is closed. Bug fixes only on main. Architectural changes go to a Phase 2 branch.
These are intentional omissions, deferred by design — Phase 1 ships a tight, defensible architecture rather than a sprawling feature surface.
| Capability | Phase | Why deferred |
|---|---|---|
| Live response (kill / quarantine / block) | Phase 3 | Read-only Phase 1 cannot grow response without breaking the architectural guarantee. Response gets a separate armed MCP server with a different audit chain and human-in-the-loop confirmation. |
| Sigma rule synthesis from observed evidence | Phase 2 | The dart-synth package is scoped but unimplemented. Tracked in #10. |
| Cloud DFIR (CloudTrail / GuardDuty) | Phase 2 |
analyze_aws_cloudtrail is scoped. Tracked in #11. |
| Volatility-style memory plugin coverage | Phase 2 | Memory currently used for process-tree + sockets only. Full memory forensics is a separate engineering project. |
| Auto-execute YAML playbooks (no Python phase scaffold) | Phase 2 | YAML is read by the agent today; execution still goes through hardcoded Python phases. Auto-execution tracked in #34. |
| Enterprise multi-host orchestration | Phase 3 | Phase 1 is single-host offline. Multi-host is a Phase 3 dart-responder concern. |
| Date | Version | Highlight |
|---|---|---|
| 2026-04-28 | v0.3 | Initial 31-function MCP surface, 17 tests passing |
| 2026-04-29 | v0.3.1 | dart-corr correlation engine GA |
| 2026-04-30 | v0.4 | Linux + macOS expansion → 35 native functions, 20 tests passing |
| 2026-05-02 | v0.5 | SIFT Workstation tool adapter layer → 60 functions (35 native + 25 SIFT), 22 tests passing |
| 2026-04-30 | Playbook v2 | 845-line methodology release |
| 2026-05-01 | Playbook v3 ⭐ | Industrialization release — Palantir ADS + MaGMa + TaHiTI + HMM |
| 2026-05-01 | Playbook v3.1 | Yamato Security external references added (no code import) |
| 2026-04-30 | v0.4.1 | Audit chain race condition fix (threading.Lock()) |
| 2026-05-03 | v0.5.1 | Evergreen visuals + full-surface QA pass (counts removed from PNG identity) |
| 2026-05-03 | v0.5.2 | Defensive runtime guards + 3 regression tests → 31 tests passing. dart_audit JSON default=str consistency, dart_agent._report() early-exit guard, correlate_timeline SQL-injection hardening |
If you are reading this Phase 1 page and want to understand:
- Why this architecture? → The Memex Bet
- What does the agent actually do? → Architecture deep dive
- How do I run it? → Running on SIFT or Running on macOS
- What case classes does it handle? → dart-playbook
- What does it NOT defend against? → Threat model
- What comes after Phase 1? → Roadmap (Phase 2 / 3 / 4)
Agentic-DART — autonomous DFIR agent · architecture-first, not prompt-first · MIT license · github.com/Juwon1405/agentic-dart
- The Memex bet ⭐ Why this design
- About the name
- Architecture-first vs prompt-first
- Architecture deep dive
- Threat model
- Glossary
- dart-mcp — typed surface (native + SIFT adapters)
- dart-agent — senior-analyst loop
- dart-corr — cross-artifact correlation
- dart-audit — SHA-256 chained log
- dart-playbook — senior-analyst sequencing rules (v3 default)
- MCP function catalog (native + SIFT adapters)
- Comparison with adjacent tools
- FAQ
- Operator guide — distro-agnostic
- Running on SIFT
- Live mode
- Accuracy report
-
Roadmap ⭐ Phase 1 ~95% complete
- Phase 1 — Agentic DFIR ⭐ dedicated page · SANS submission
-
Phase 2 — Detection engineering
- The self-learning loop ⭐ design note
- Phase 3 — Agentic SOC
- Phase 4 — Broader agentic security