About Us

Proprietary Forensic Knowledge Graph

We maintain a curated mapping of the NIST Computer Forensics Tool Catalog into a controlled vocabulary of 18 artifact types, dozens of investigation techniques, and structured tool capability profiles. This is not a raw data dump — each tool has been classified against our proprietary taxonomy covering artifact handling, platform support, skill requirements, and investigative use cases. This domain engineering is what separates our results from generic similarity search.

Semantic Case Understanding

When you describe your investigation, our intake system normalises your natural-language input against our controlled vocabulary — resolving aliases, inferring artifact types, and mapping investigative intent. Your case description is then embedded into a high-dimensional vector space using a deterministic template that ensures your query lands in the same semantic space as our tool profiles. This alignment is critical: it means 'analyse a RAM dump from a compromised Windows endpoint' matches the right tools, not just pages that mention those words.

Intelligent Retrieval with Adaptive Retry

Our vector search operates against a pgvector-powered database with pre-filtering on hard constraints like operating system and artifact type. If initial retrieval confidence is low, the system automatically re-embeds with modified context and retries — ensuring you get relevant candidates even for unusual or complex case descriptions. This adaptive approach dramatically reduces empty or irrelevant result sets.

Multi-Factor Composite Scoring

Candidates are ranked using a proprietary composite scoring model that blends semantic similarity with structured metadata matching. Rather than relying solely on vector distance, we weight OS compatibility, artifact type alignment, skill level appropriateness, and community adoption signals. This multi-factor approach prevents the common pitfall of pure semantic search: surfacing tools that sound relevant but don't actually fit the investigation.

Constraint-Aware Filtering

Our pipeline distinguishes between hard constraints (platform compatibility — never relaxed) and soft constraints (budget preference, skill level — relaxable when necessary). If strict filtering produces too few candidates, the system intelligently relaxes soft constraints and flags the relaxation, so you always know when a recommendation falls outside your stated preferences rather than receiving no results at all.

AI-Generated Rationale and Technique Steps

Each recommendation includes a detailed rationale explaining why the tool fits your case, plus 3–6 ordered technique steps tailored to your specific investigation scenario. This is not generic documentation — the steps are synthesised by a large language model that has been given your case context and the tool's full capability profile. The result is actionable guidance, not just a tool name.

Domain-first, not general-purpose

Every component is engineered for digital forensics. Our taxonomy, embeddings, scoring weights, and prompt templates are all calibrated to forensic investigation workflows — not adapted from a generic recommendation system.

Proprietary knowledge engineering

Our forensic domain mapping — the bridge between the NIST catalog and actionable recommendations — represents hundreds of hours of expert classification. This structured knowledge cannot be replicated by scraping or raw LLM inference.

Transparent confidence signals

We surface confidence scores, constraint flags, and pipeline metadata with every result. You always know how certain the system is and whether any of your stated constraints were relaxed to produce results.

Graceful degradation

The pipeline is designed for resilience. If any stage encounters issues — low similarity, too few candidates, LLM unavailability — fallback mechanisms ensure you still receive useful results rather than errors.