Band of Agents Hackathon 2026 · Track 3
AI-powered digital forensics for under-resourced cybercrime units.
When an office worker messages "our computers are locked", five Band agents turn panic into a MITRE-mapped case file with a browser-verified chain of custody — no event-log jargon required.
Chain of custody: SHA-256 hash chain verified in-browser
MITRE ATT&CK: Techniques mapped with evidence citations
Agent debate: Specialists challenge each other in Band
Captain escalation: Re-scope and redirect mid-investigation
Cybercrime units with a handful of investigators face hundreds of cases a year. The bottleneck is not analysis alone — it is evidence collection and coordination. Non-technical staff do not know what to preserve. Chain of custody breaks when intake is chaotic.
Completed investigations
Meridian Logistics Inc. · Columbus, Ohio
LockB1D ransomware — live agent run with Captain challenge and browser-verified audit chain.
2 debate events
MEDIUM · BioGenix Therapeutics · Cambridge, MA
Host says no endpoint exfil. Network sees 13.4 GB to personal Google Drive. Captain forces correlation.
2 debate events
HIGH · Confluxe Systems · Denver, CO
Captain re-scopes mid-investigation. Blast radius: 1.24M records across 287 customers.
Five agents collaborate through Band — not a pipeline, an investigation room.
Human investigator: plain language only
DFIR-Liaison: intake · collection · report
DFIR-Classifier: route evidence · brief specialists
HostForensics: endpoints · logs · persistence
NetworkForensics: traffic · DNS · exfil
↔ debate & challenge ↔
DFIR-Captain: redirect · re-scope · verdict · MITRE
Case file + SHA-256 audit chain: verify in browser, not decorative
Band coordinates all agent collaboration