u/brian_carrier

There is a lot of non-data driven discussions around using AI in investigations. Some people think it will be amazing. Some think its a disaster. A lot of other people are undecided.

The community needs data to help navigate this and I'm hoping you can help.

We launched a challenge a couple of weeks back.

1. Submit anonymized screen shots of where AI was amazing, where it was a disaster, and where it was "meh...."
2. Our panel of judges (skeptics and advocates) will review them
3. The public will vote
4. Winners get bragging rights
5. All anonymous submissions are posted on github.

Judges:

• Heather Barnhart (SANS)
• Alexis Brignoni (LEAPPS)
• Eric Capuano (Digital Defense Institute)
• Brian Carrier (Sleuth Kit Labs – Organizer)
• Filip Stojkovski (BlinkOps)

Full details are here:

https://www.cybertriage.com/blog/aidfir-2026-challenge-the-good-vs-the-ugly/

Please send in your best submissions!

Adding to the DFIR + AI theme, in case you didn't see it on LinkedIn, we released an MCP server for Autopsy last week (and Cyber Triage). This allows you to connect Claude Desktop (or similar) to Autopsy and ask questions about the results.

It's a read-only interface, so your original data won't get modified by the AI.

We've also been doing an Intro DFIR+AI series if you are just starting to really pay attention to how to integrate these things:

Autopsy Release: https://www.autopsy.com/autopsy-4-23-0-release-claude-ai-assistant-mcp-cyber-triage-integration/

AI Blogs:

• How to Let AI Access Your DFIR and SOC Investigation Data
• MCP Servers for DFIR and SOC Investigations using AI
• How To Share Your “SKILLS” With the LLM