Home
AIFT automates Windows and Linux forensic triage analysis of disk images and triage packages using AI. Upload one or more E01, VMDK, VHD, raw images, or archives; enter local paths; or use Scan Directory to discover evidence targets inside a folder. Then select which artifacts to parse and receive an AI-generated forensic report — all from a local web interface, with no external services required. AIFT automatically detects the OS type per image and presents the appropriate artifact set. Analyze multiple systems in a single case with cross-system correlation to identify lateral movement, shared IOCs, and incident timelines across hosts.
Built for incident responders who need fast answers, and simple enough for non-forensic team members to operate.
| Version | 2.0 |
| License | AGPL-3.0 |
| GitHub | github.com/FlipForensics/AIFT |
New to AIFT? Start here:
- Installation — Install Python dependencies and configure your environment.
- Getting Started: Your First Analysis — Walk through uploading evidence, selecting artifacts, and generating your first report.
You will also need to configure an AI provider. See AI Provider Setup for instructions on connecting Claude, OpenAI, Kimi, or a local model via Ollama/LM Studio.
Auto-generated code reference documentation is available at:
This wiki documents AIFT as of version 2.0.