Store the decision trail
Trades, alerts, reports, policy changes, and forensic findings should be reviewable after the fact.
I work on incident response, detection engineering, forensic automation, and operator dashboards. The common thread is simple: agents can assist, but evidence, boundaries, and human review must stay visible.
My projects are built around deterministic execution, database-backed evidence, and clear operator surfaces. The LLM layer is useful, but it is not allowed to become the hidden system of record.
Trades, alerts, reports, policy changes, and forensic findings should be reviewable after the fact.
Agents should call typed, scoped functions. Guardrails belong in architecture, not only in prompts.
Dashboards, Telegram alerts, reports, and modals turn automation into an inspectable workflow.
An autonomous detection and response agent for DFIR work. It uses a typed MCP surface, read-only forensic tools, audit trails, and scored evaluation cases so the system can be inspected rather than merely trusted.
These systems are private, but the public showcases expose the product shape: live dashboards, deep-dive modals, operator reports, and the split between deterministic control and LLM-assisted review.
A private Bithumb spot-market system where deterministic policy gates do the runtime work and an LLM supervisor reviews database evidence, blocked entries, policy history, and market context.
A private watch opportunity monitor that compares active listings with sold-price evidence, extracts references, checks catalog context, and keeps the final purchase decision human-controlled.
The public GitHub surface is intentionally arranged: current flagship first, private agentic systems second, then archived DFIR intelligence projects that show collection, evidence review, reporting, and research-backed analysis behind Agentic-DART.
Autonomous DFIR agent with typed MCP tools, SIFT adapters, audit trails, and scored evaluation cases.
open 2026Archived DFIR web platform for collector ZIPs, disk images, searchable evidence, and PDF incident reports.
open 2026Archived zero-dependency macOS triage collector with modular targets and supply-chain IOC sweeps.
open 2024DFIR RAG replication of Loumachi, Ghanem and Ferrag that preceded the move toward tool-grounded agentic analysis.
open 2026Thin Python support module that converts Velociraptor collector output into Agentic-DART evidence roots.
openThe agentic projects sit on top of practical operations: SOC monitoring, incident response, DDoS defense, infrastructure security, packet analysis, and long-running community teaching.
I care less about novelty and more about operational fit: forensic tools, detection languages, data stores, typed interfaces, and deployable operator surfaces.
Reach out for DFIR automation, agentic SOC, MCP tool design, evaluation methodology, or future private beta interest in the YuShin systems.