Session
[Track 6] I Gave Claude Code R00t on the DFIR SIFT Workstation
Sounds reckless. Turns out it's less reckless than letting state actors be the only ones with agentic AI. Anthropic's GTG-1002 report showed adversaries running Claude Code at 80-90% autonomous execution. Your adversary has an AI. You have tab-completion. I wired the same tool into SIFT via Model Context Protocol—timeline generation, memory analysis, malware sweeps, all via natural language. By the end, you'll see me type "SIFT!! Find Evil!" and watch it actually work. Mostly. This is what 40+ hours of testing taught me.
Rob T. Lee
Chief AI Officer (CAIO), Chief of Research, SANS Institute | “Godfather of Digital Forensics”