AI Forensic Capabilities for DFIR Teams
Palimpsest helps digital forensics and incident response teams process evidence faster, reconstruct attack timelines, map attacker behavior, and produce analyst-reviewed forensic reports.
Built for sensitive evidence environments, Palimpsest combines local AI, forensic workflows, chain-of-custody awareness, and clear investigation outputs.

Built to Move Investigations From Evidence to Explanation
Modern cyber incidents produce more artifacts than most teams can manually review quickly. Palimpsest is designed to help analysts preserve, classify, correlate, and explain digital evidence across logs, disk images, memory captures, PCAPs, endpoint telemetry, mobile artifacts, and cloud records.
Its core capabilities include AI evidence classification, timeline reconstruction, MITRE ATT&CK mapping, analyst-reviewed reporting, air-gap-ready operation, and executive dashboards. These capabilities are pulled from the Palimpsest forensic AI workflow described in the project deck.
AI Evidence Classification
Palimpsest ranks and prioritizes artifacts so analysts can focus on the evidence most likely to matter first. It supports relevance scoring, integrity checks, and priority tiering across artifact types, helping reduce manual review time while keeping analysts in control of final decisions.
Use this for:
Evidence triage, artifact prioritization, breach review, alert validation, and investigation scoping.
Timeline Reconstruction
Palimpsest correlates events across multiple sources to build a clearer sequence of incident activity. It supports cross-source event correlation, clock skew normalization, gap detection, and the identification of suspicious sequences or possible anti-forensic behavior.
Use this for:
Breach reconstruction, ransomware investigations, insider activity reviews, lateral movement analysis, and post-incident reporting.
MITRE ATT&CK Mapping
Palimpsest maps evidence patterns to attacker tactics, techniques, and procedures using retrieval-augmented analysis against ATT&CK context. This helps investigators connect artifact clusters to known behaviors and communicate findings in a structure security teams already understand.
Use this for:
TTP analysis, incident classification, threat behavior reporting, SOC handoff, and executive incident summaries.
Analyst-Reviewed Forensic Reporting
Palimpsest helps generate investigation narratives, artifact references, chain-of-custody records, dashboards, IOC handoff, and SIEM exports.
Use this for:
Client reports, executive summaries, legal support, regulatory response, technical documentation, and internal post-incident reviews.
Air-Gap Ready Operation
Palimpsest is designed for on-premises and air-gap-ready environments where sensitive evidence cannot be sent to external cloud AI systems. The deck emphasizes that Palimpsest keeps data inside the environment with no cloud dependency.
Use this for:
Sensitive evidence, regulated data, legal matters, healthcare, finance, government-style environments, and internal investigations.
Executive Dashboard
Palimpsest turns technical forensic findings into clear investigation views for clients, executives, and decision-makers. Dashboards can support risk posture, interactive timeline visualization, incident summaries, and executive briefings per investigation.
Use this for:
Client communication, leadership briefings, MSSP reporting, risk summaries, and post-incident decision-making.
From Raw Evidence to Defensible Outputs
Palimpsest supports the full forensic workflow through a five-stage pipeline: Ingest, Extract, Analyze, Reconstruct, and Report. This process moves evidence from raw sources like disk images, memory dumps, PCAPs, logs, and mobile artifacts into structured investigation outputs such as dashboards, chain-of-custody records, IOC handoff, and analyst-reviewed reports.
Why These Capabilities Matter
Faster Investigations Without Replacing Analysts
AI can help teams move through evidence faster, but digital forensics still requires professional judgment. Palimpsest is designed to support analysts by surfacing relevant evidence, connecting related events, mapping attacker behavior, and preparing clear outputs for review.
The goal is simple: help teams answer what happened, when it happened, what evidence supports it, and what should happen next.
See Palimpsest Capabilities in Action
Schedule a live demonstration to see how Palimpsest helps teams triage evidence, reconstruct timelines, map attacker behavior, and generate analyst-reviewed forensic reports.
Built for DFIR teams, MSSPs, legal support, regulated organizations, and sensitive evidence environments.

