The 2:22 DFIR Framework is an AI-assisted digital forensics and incident response platform designed to automate log-based cyber incident investigations within modern information systems.
This platform has evolved into a multi-tenant DFIR SaaS architecture that integrates:
- A deterministic forensic core engine
- A scalable FastAPI backend
- A modern investigation dashboard
- A DFIR orchestration control plane
- Evidence Integrity
- Deterministic Analysis
- Semantic Intelligence Assistance
- Scalable Processing
- Organizational Isolation

```
Frontend Dashboard (Next.js)
FastAPI Backend (SaaS Layer)
├── Auth & Organizations
├── Cases & Uploads
├── Jobs & Processing
├── Reports
DFIR Core Engine
├── Ingestion
├── Detection
├── Triage (Rule + Semantic)
├── Correlation
└── Report Generation
```

- Multi-tenant DFIR platform
- Secure JWT authentication
- Case-based evidence management
- Artifact ingestion pipeline
- Real-time job polling
- Secure report downloads
- Forensic auditability
- Deterministic + AI hybrid analysis
- Python 3.9+
- FastAPI
- SQLAlchemy
- MySQL
- Next.js
- Bootstrap HUD UI
- Python forensic modules
- Rule-based detection
- Semantic analysis (transformers / OpenAI)

```
DFIR_AI/
├── backend/
├── dfir_core/
├── frontend/
├── data/
├── logs_2_22/
├── requirements.txt
├── .env
```

```bash
python main.py start
python main.py stop
python main.py restart
python main.py status
```

- Create organization
- Create case
- Upload evidence
- Run DFIR job
- Monitor progress
- Download report
- Organization-level isolation
- Secure report access
- Immutable evidence handling
- Auditable DFIR logic
- Backend: Stable
- DFIR Engine: Operational
- Dashboard: Active development
- Control Plane: Implemented
For cybersecurity research and defensive use only.
Generated on: 2026-03-17 08:04:03.150726