Cross-platform incident response and live forensics toolkit with built-in detection, structured analysis, and report generation — designed for fast, actionable security investigations.
Updated Apr 26, 2026 - JavaScript
PowerShell script to audit NTLM authentication events from Windows Security and NTLM Operational logs. Filters by NTLMv1/v2, failed logons, privileged sessions (4672), date ranges, and null sessions. Validates NTLM audit GPO settings. Targets localhost, remote servers, domain controllers, or an entire AD forest.
Next-generation log server with AI integration. Turn massive logs into actionable insights using LLMs. Lightweight & Fast.
Workflow event logs to ML-based predictive timelines: deterministic reconstruction, sequence features (waiting/time gaps), and early risk prediction for prioritization.