From Alert to Evidence: Evaluating AI Agents for Cyber Forensic Triage
Cyber defense teams are beginning to experiment with large language models in security operations, but their usefulness in digital forensics and incident triage is still uncertain. Many AI-enabled tools can summarize alerts or provide a single set of observations, but investigations usually require more than a static summary.
SANS-From-Alert-Evidence-Blackard (PDF, 0.55MB)
11 Jun 2026, by Connor Blackard
