SANS Find Evil! 2026 · Custom MCP Server submission

SilentWitness

A hypothesis-first DFIR investigator whose report writes itself, with every claim locked to the tool execution that produced it.

10/10 ROCBA findings recalled in the headline run
12 agent-visible MCP tools, no generic shell surface
1,838 unit, integration, and property tests

Judge path

The shortest route from submission review to evidence.


Constraint implementation

The model plans. The server decides what can become evidence.

SilentWitness keeps raw evidence behind a read-only mount and exposes only typed MCP tools. Citation and entity gates run before an observation is recorded, so unsupported claims fail at the tool boundary instead of being cleaned up later in prose.

Hypotheses form, pivot, confirm, or abandon in the audit log.

Prompt-based guidance is supplementary, not the security boundary.

Every report claim can be traced to a record, audit row, and source artifact.
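The citation and entity gates described above, as an added illustration (this is not SilentWitness's code, and the entity patterns, the id scheme, and the `EvidenceLedger` class are assumptions made for the example). Each observation must cite at least one recorded tool execution, and every entity it names must appear in the output of a cited execution; anything else is rejected before it is recorded, with the rejection written to the audit log, and an accepted observation can be traced back to the executions it cites.

```python
"""Citation-and-entity gate for agent observations (hypothetical model, not SilentWitness code)."""
import hashlib
import json
import re
from dataclasses import dataclass, field

# Constructed entity patterns: IPv4 addresses, Windows executables/scripts, SHA-256 hashes.
ENTITY_PATTERNS = [
    re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    re.compile(r"\b[\w-]+\.(?:exe|dll|ps1)\b", re.IGNORECASE),
    re.compile(r"\b[0-9a-f]{64}\b", re.IGNORECASE),
]


def extract_entities(text: str) -> set[str]:
    """Return the set of entity strings found in text, lower-cased for matching."""
    found: set[str] = set()
    for pattern in ENTITY_PATTERNS:
        found.update(m.lower() for m in pattern.findall(text))
    return found


class GateError(ValueError):
    """Raised when an observation fails the citation or entity gate."""


@dataclass
class ToolExecution:
    exec_id: str
    tool: str
    args: dict
    output: str
    entities: set[str] = field(default_factory=set)


class EvidenceLedger:
    """Append-only record of tool executions, gated observations, and audit rows."""

    def __init__(self) -> None:
        self.executions: dict[str, ToolExecution] = {}
        self.observations: dict[str, dict] = {}
        self.audit: list[dict] = []

    def record_execution(self, tool: str, args: dict, output: str) -> str:
        """Record a tool run; the id is derived from its content, so the model cannot guess it in advance."""
        digest = hashlib.sha256(json.dumps([tool, args, output], sort_keys=True).encode()).hexdigest()
        exec_id = f"exec-{digest[:12]}"
        self.executions[exec_id] = ToolExecution(exec_id, tool, args, output, extract_entities(output))
        self.audit.append({"event": "tool_execution", "exec_id": exec_id, "tool": tool})
        return exec_id

    def record_observation(self, claim: str, cites: list[str]) -> str:
        """Gate an observation: return its id, or audit the rejection and raise GateError."""
        missing = [c for c in cites if c not in self.executions]
        if not cites or missing:
            self._reject(claim, "citation", {"missing": missing})
        supported = set().union(*(self.executions[c].entities for c in cites))
        unsupported = extract_entities(claim) - supported
        if unsupported:
            self._reject(claim, "entity", {"unsupported": sorted(unsupported)})
        obs_id = f"obs-{len(self.observations) + 1:04d}"
        self.observations[obs_id] = {"claim": claim, "cites": list(cites)}
        self.audit.append({"event": "observation", "obs_id": obs_id, "cites": list(cites)})
        return obs_id

    def _reject(self, claim: str, gate: str, detail: dict) -> None:
        self.audit.append({"event": "rejected", "gate": gate, "claim": claim, **detail})
        raise GateError(f"{gate} gate: {detail}")

    def trace(self, obs_id: str) -> list[ToolExecution]:
        """Resolve a recorded observation to the exact executions that support it."""
        return [self.executions[c] for c in self.observations[obs_id]["cites"]]


def demo() -> dict:
    """Constructed scenario: one supported observation, then a bad citation and an unseen entity."""
    ledger = EvidenceLedger()
    exec_id = ledger.record_execution(
        "list_connections",
        {"host": "WS-042"},
        "svchost.exe (PID 4120) -> 203.0.113.7:443 ESTABLISHED",  # constructed tool output
    )
    accepted = ledger.record_observation("svchost.exe beaconed to 203.0.113.7 over 443", [exec_id])
    results: dict = {"accepted": accepted, "rejected": []}
    for claim, cites in [
        ("svchost.exe beaconed to 203.0.113.7 over 443", ["exec-deadbeef0000"]),  # no such execution
        ("lsass.exe was dumped on WS-042", [exec_id]),  # entity never seen in the cited output
    ]:
        try:
            ledger.record_observation(claim, cites)
        except GateError as err:
            results["rejected"].append(str(err).split(" gate")[0])
    results["audit_events"] = [row["event"] for row in ledger.audit]
    results["trace_tool"] = ledger.trace(accepted)[0].tool
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The point of the design is that the gate runs inside the tool that records the observation, so a model that skips or ignores prompt guidance still cannot get an unsupported claim into the ledger; the rejected rows in the audit log are what a reviewer would later read as the record of attempted but blocked claims.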

(Image: SilentWitness hallucination firewall showing staged claim checks)

Visual evidence

Architecture images are part of the review packet.

Architecture


Eight trust boundaries, six enforced in code.

Claim Trace


A finding has to resolve to the exact tool execution that produced it.

Self-Correction


Critic challenges and coverage-gate retries are visible in the audit logs.