Releases: TimothyVang/verdict-dfir

VERDICT v0.1.5

15 Jun 04:27
6ce82b6

Demo

See it self-correct — the #1 judged capability

A genuine tool failure handled with no human and no injected/staged error (fault_injection=0).

Live in the Claude Code terminal: plaso_parse is unavailable (log2timeline.py not on PATH), so the agent says so and adapts to mft_timeline:

Live Claude Code TUI self-correction

Same event in the hash-chained audit log — real failure → course_correction (narrow / continue other lanes) → heartbeat escalation → honest partial verdict:

Self-correction in the audit trace

What it found — with custody you can verify offline

NIST CFReDS Hacking Case (SCHARDT.dd): SUSPICIOUS, 27 tool-cited findings across 6 artifact classes; every finding traces to its tool call via scripts/trace-finding, and manifest_verify.overall = true.

Images: tamper-evident chain of custody; reconstructed attack timeline

Architecture

The whole workflow — every boundary is crossed only through a typed, read-only tool whose output is hash-chained into the custody log. Evidence vault -> SIFT tool subprocesses -> two typed MCP servers -> Claude Code agent loop -> cryptographic custody -> presentation:

VERDICT architecture and chain of custody

The code architecture — the same pipeline mapped to the repository: entrypoints (scripts/), the agent loop governed by agent-config/, the .mcp.json surface (product servers findevil-mcp 31 Rust tools + findevil-agent-mcp 12 Python tools = 43 audit-chained tools; the n8n / playwright / puppeteer / qmd convenience servers that never emit findings), the SIFT DFIR subprocess tools, the read-only evidence vault, the hash-chained custody chain (audit.jsonl -> manifest_finalize -> manifest_verify), and the outputs (verdict.json, coverage_manifest.json, REPORT.{html,pdf}, apps/web SSE dashboard):

VERDICT code architecture
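As an added illustration of the hash-chained custody idea described above, not VERDICT's own code: a minimal JSONL audit chain with a manifest and an offline verifier that reports a tampered or truncated log. The record fields (seq, prev, sha256, event), the genesis value and the manifest shape are assumptions for this example, not the project's schema.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor hash for the first record (not VERDICT's value)

def _canon(obj):
    # Deterministic serialization so writer and verifier hash identical bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def append_record(chain, event):
    # Each record commits to the previous record's digest: edit one, break all after.
    prev = chain[-1]["sha256"] if chain else GENESIS
    body = {"seq": len(chain), "prev": prev, "event": event}
    rec = dict(body, sha256=hashlib.sha256(_canon(body)).hexdigest())
    chain.append(rec)
    return rec

def finalize(chain):
    # Manifest stands in for manifest_finalize: head digest plus record count.
    return {"records": len(chain), "head": chain[-1]["sha256"] if chain else GENESIS}

def verify(jsonl_text, manifest):
    # Replay the log offline. Returns (overall, first_bad_seq); overall is True only
    # if every record hashes, links to its predecessor, and the head matches.
    prev, n = GENESIS, 0
    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        body = {k: v for k, v in rec.items() if k != "sha256"}
        if rec.get("prev") != prev or rec.get("seq") != n:
            return False, n          # broken link or reordered/dropped record
        if hashlib.sha256(_canon(body)).hexdigest() != rec.get("sha256"):
            return False, n          # record content edited after the fact
        prev, n = rec["sha256"], n + 1
    return (n == manifest["records"] and prev == manifest["head"]), None

def demo():
    # Constructed events mirroring the demo: a tool failure and a course correction.
    chain = []
    append_record(chain, {"tool": "mft_timeline", "status": "ok"})
    append_record(chain, {"tool": "plaso_parse", "status": "unavailable"})
    append_record(chain, {"type": "course_correction", "lane": "timeline"})
    manifest = finalize(chain)
    good = "\n".join(json.dumps(r) for r in chain)
    tampered = good.replace('"unavailable"', '"ok"')   # rewrite the failure as success
    truncated = "\n".join(good.splitlines()[:-1])     # drop the last record
    return verify(good, manifest), verify(tampered, manifest), verify(truncated, manifest)
```

The intact log verifies; rewriting the failed tool call as a success is caught at seq 1, and dropping the final record fails the manifest head check.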


A documentation-only release. VERDICT's public docs are rewritten to read as a shipped product: a product-first README and reader-facing docs, with the accuracy/anti-overclaim doctrine preserved verbatim. No code, test, CI, or runtime behavior changed since v0.1.4.

Highlights

README — full rewrite to a product-first voice

  • Action-first flow: Install & run -> What you get -> See it run -> How it works -> Capabilities -> Accuracy & scope -> Getting started -> Repository layout -> Documentation -> License.
  • Removed competition/judge framing and superlatives; collapsed dense caption blocks to one-line captions; trimmed repeated claims to a single statement each.
  • One understated origin credit line in the footer.

Reader docs — de-hackathon pass (structure unchanged)

  • INSTALL.md, QUICKSTART.md, docs/architecture.md, docs/DATASET.md, docs/verdict-semantics.md, docs/false-positives.md, docs/cryptographic-attestation.md, docs/index.md: judge/submission references reframed; SANS SIFT VM kept as the reference forensic environment.

Preserved verbatim

  • The accuracy/anti-overclaim doctrine: coverage_manifest language, verdict-word scoping (SUSPICIOUS / INDETERMINATE / NO_EVIL), the CONFIRMED > INFERRED > HYPOTHESIS hierarchy, and the >=2-artifact-class execution rule.
  • All images/GIFs and every CI-guarded link/path.

Verification

All gates passed on the release commit: L0 Static (incl. docs cross-references intact + tool-count), L1 Unit+Build, L2 SIFT-lite, Amendment A2 invariants, and the aggregate CI Required gate. run-all-smokes.sh: 21 passed / 0 failed.

Install

Prebuilt, checksum-verified findevil-mcp binaries are attached for Linux x86_64/aarch64 and macOS x86_64/aarch64. scripts/install.sh fetches them with FINDEVIL_MCP_PREBUILT=1 FINDEVIL_MCP_VERSION=v0.1.5 (verified against SHA256SUMS); otherwise it builds from source. See INSTALL.md / QUICKSTART.md.

Changelog (since v0.1.4)

  • docs: rewrite README + de-hackathon reader docs to release-ready voice (#36)

Full diff: v0.1.4...v0.1.5


Since v0.1.5 — evidence & demo (docs/demo-tooling only; merged to master)

Real, verified scripts/verdict runs committed as compact evidence (each traces clean with scripts/trace-finding; manifest_verify.overall = true):

  • NIST CFReDS Hacking Case disk (SCHARDT.dd): SUSPICIOUS, 27 findings across 6 artifact classes (custody, disk/filesystem, MFT, prefetch, registry, timeline); plaso_parse genuinely unavailable → organic course_correction → timeline sealed PARTIAL, run continued. (docs/release-evidence/nist-schardt-disk-*)
  • ~18 GB memory image (Volatility): vol_pslist/psscan/psxview/malfind; honest INDETERMINATE, malfind held at HYPOTHESIS. (docs/release-evidence/memory-volatility-summary.json)
  • Stage Two evidence map — per-criterion artifact + one-line verify command (docs/release-evidence/stage-two-evidence.md).
  • Full accuracy report (false positives / missed artifacts / hallucinated claims / evidence integrity) and an organic self-correction trace (fault_injection=0).
  • Feature deep-dive film rebuilt: George / ElevenLabs v3 narration + a real interactive Claude Code TUI self-correction clip (see Demo above).

No runtime, tool, or CI behavior changed; these are documentation, evidence, and demo-tooling additions.

VERDICT v0.1.4

15 Jun 03:32
16f0761

VERDICT is a DFIR agent that runs inside Claude Code: point it at supported evidence and it opens a Case, drives a typed read-only MCP tool surface, verifies every Finding, and writes a signed Verdict plus analyst report. This release adds large-/multi-host investigation guidance and a documentation accuracy pass, on top of the v0.1.x release-hygiene line.

Highlights

Large- and multi-host investigations

  • Fleet mode + scale guidance: scripts/verdict <case-root> --fleet runs each host as its own audit-chained Case, then cross-host correlation and a fleet report. New operating guidance in CLAUDE.md ("Large And Multi-Host Cases") and agent-config/PLAYBOOK.md ("Multi-host fleet — the scale path"): SIFT mount-in-place for large disk images (no multi-GB copy), VM space management, and disk+memory fusion for ≥2-artifact-class corroboration.
  • DFIR interpretation traps added to agent-config/MEMORY.md (auto-read before any Finding): EID 1102 build-residue vs. incident log-clear, vol_malfind RWX false positives, and truncated-capture pslist=0/malfind=0 ("not analyzable", not clean).
  • feat(verdict): case-local run artifacts consolidated under the case directory.

Accuracy honesty

A read-only audit of the public docs, with fixes applied (4 HIGH + 12 MEDIUM/LOW + framing):

  • Repointed broken accuracy-report.md §3 references; removed three non-existent commit-hash citations; scoped the unpopulated "DFIR-Metric + leaderboard" benchmark claim.
  • Corrected compute_verdict line count, the CONFIRMED-filter jq command, the contradiction_resolved audit-record name, rs_merkle/DuckDB labeling (hand-rolled / path-reserved), Ed25519-as-default signer, conditional REPORT.html/.pdf, and attribution of showcase numbers to the pictured run.

Tests & CI

  • test(fixtures): Windows golden contracts.
  • ci: a single aggregate required check.

Install

Prebuilt, checksum-verified findevil-mcp binaries are attached for Linux x86_64/aarch64 and macOS x86_64/aarch64. scripts/install.sh fetches them with FINDEVIL_MCP_PREBUILT=1 FINDEVIL_MCP_VERSION=v0.1.4 (verified against SHA256SUMS); otherwise it builds from source. See INSTALL.md / QUICKSTART.md.

Verification

All CI gates passed on the release commit: L0 Static, L1 Unit+Build, L2 SIFT-lite, L3 Nightly Goldens, Docs (cross-references intact), tool-count, Amendment A2 invariants, and the aggregate CI Required gate. Rust: cargo clippy -D warnings clean; cargo test --workspace 320 passed / 0 failed (1 intentional ignore).

Known limitations / roadmap

  • A few README/QUICKSTART marketing captions are intentionally kept as image alt-text or with linked accuracy context rather than rewritten.
  • Prebuilt binaries cover Linux + macOS (no Windows binary in this set).
  • In-chain self-correction — emitting auditable records when the agent revises a Finding — is tracked as #54.

Changelog (since v0.1.3)

  • docs: large/multi-host case guidance, DFIR interpretation traps, #54 cross-link
  • docs: clarify calibration and benchmark claims (HIGH overclaim fixes)
  • docs: fix MEDIUM/LOW accuracy overclaims (factual + reference corrections)
  • docs: attribute showcase numbers + fix quickstart clone-path example
  • feat(verdict): consolidate case-local run artifacts
  • test(fixtures): add Windows golden contracts
  • ci: add aggregate required check
  • chore(release): ignore local video artifacts

Full diff: v0.1.3...v0.1.4

VERDICT v0.1.3

14 Jun 09:51
85c25b3

Release for VERDICT DFIR.

Quickstart

git clone --branch v0.1.3 --depth 1 https://github.com/TimothyVang/verdict-dfir.git verdict
cd verdict
bash scripts/setup
scripts/verdict <path-to-evidence>

Start here

VERDICT opens evidence read-only, drives typed DFIR tools, verifies reportable Findings against cited tool calls, and emits a signed Verdict plus report. Unsupported or unparsed artifact classes are recorded as coverage limitations rather than broad clearance claims.

VERDICT v0.1.2

14 Jun 09:23
de8585f

Auto-generated VERDICT release. See README.md, docs/architecture.md, and docs/release-surface.md.

v0.1.0

14 Jun 04:37

Full Changelog: v-submit...v0.1.0


Demo videos

Narrated walkthroughs (download or stream the .mp4 assets below):

  • Product showcase (4:35) — full end-to-end run on a 22-host enterprise · find-evil-demo.mp4
  • Educational explainer — what VERDICT is + core concepts · verdict-educational-explainer.mp4
  • Feature deep-dives — self-correction, live dashboard, offline tamper/verify · verdict-feature-deep-dives.mp4
  • Quickstart — install to a signed verdict in two commands · verdict-quickstart.mp4
  • Help build VERDICT — invariants + contributor on-ramp · verdict-contributor-call.mp4

VERDICT — SANS Find Evil! 2026 submission

11 Jun 13:12
d85fa5a

VERDICT is a DFIR agent that runs from a local clone, drives a narrow typed MCP tool surface, verifies every Finding, and produces a signed, offline-verifiable Verdict plus report.

Install and run

git clone --depth 1 --branch v-submit https://github.com/TimothyVang/verdict-dfir.git verdict
cd verdict
bash scripts/setup
scripts/verdict <path-to-evidence>

Use --sift when you want disk-image parsing through a SANS SIFT VM:

scripts/verdict --sift <path-to-evidence>

Required before a real investigation

  • Claude Code or an Anthropic credential available to the local environment.
  • Evidence you are authorized to analyze.
  • For raw .E01 / .dd disk content: local Sleuth Kit/libewf support or --sift.
  • Run bash scripts/doctor.sh after setup to see exact missing prerequisites.

Which assets matter

  • find-evil-demo.mp4 — short demo walkthrough.
  • report.html — offline report example.
  • findevil-mcp-*.tar.xz + SHA256SUMS — optional prebuilt Rust MCP binaries for advanced/manual installs.
  • find-evil-submission.zip — historical SANS submission bundle, not the normal install path.

Normal install path

Most users should ignore the release assets and install from the tagged source checkout with bash scripts/setup. The setup script builds or fetches the product pieces, checks prerequisites, and prints an honest readiness summary.

Documentation at this tag


Demo videos

Narrated walkthroughs (download or stream the .mp4 assets below):

  • Product showcase (4:35) — full end-to-end run on a 22-host enterprise · find-evil-demo.mp4
  • Educational explainer — what VERDICT is + core concepts · verdict-educational-explainer.mp4
  • Feature deep-dives — self-correction, live dashboard, offline tamper/verify · verdict-feature-deep-dives.mp4
  • Quickstart — install to a signed verdict in two commands · verdict-quickstart.mp4
  • Help build VERDICT — invariants + contributor on-ramp · verdict-contributor-call.mp4