TL;DR
- Purpose & Ethics: AI chatbots can significantly aid forensic investigations and cybersecurity tasks (e.g. Pen Testing, Red Teaming) by analysing large-scale leaked data—provided they’re used ethically and legally.
- Use Cases: Practical applications include alert triage, incident response, forensic training, secure coding support, and threat intel summarisation—all while maintaining strict data handling and audit controls.
- Caution & Verification: AI-generated outputs must always be cross-checked against raw datasets to maintain accuracy, avoid misinterpretation, and ensure the integrity of findings.
Introduction
AI is proving to be a useful companion for forensic examiners who need to analyse data at scale (data that is already publicly available, if not privately hosted).
This involves building an AI chatbot system based on large language models (LLMs), which should only be used for legitimate, ethical purposes (e.g. internal automation, security support, or user interaction).
The objective of creating this tool could be to:
- Help with finding juicy information fast before an engagement.
- Generate technical content.
- Analyse data.
- Understand leaked data context.
Whilst you can opt for the OpenAI API (e.g. GPT-4-turbo or GPT-3.5 via REST API), it is highly recommended to host an open-source model onsite or via a private hosting platform, using models like Mistral, LLaMA, OpenChat, or GPT4All. This means the data stays private and offline.

Once you have this in place, it's time to build the interface (web app/CLI/chatbot) and connect it to the model. The final architecture will look similar to this.

Benefits of using an internal Chatbot for forensic teams
For forensic teams, an internal chatbot can be used as a specialised forensic assistant designed for analysing data leaks, dumps and forensic artefacts. It helps analysts identify exposed credentials, sensitive documents, or indicators of compromise by cross-referencing leaked content with internal asset inventories, threat intelligence feeds, and MITRE mappings, all while maintaining strict data handling protocols and audit trails.
Ideas for safe chatbot AI usage
- Cybersecurity assistant (triage alerts)
- Incident Response Bot (based on MITRE ATT&CK)
- SOC SOP Helper
- AI SOC
- Playbook assistant based on input/output
- Training bot for forensic investigators
- Secure coding assistant
- Juicy information identification
- Threat intel report summariser
LockBitGPT: a ChatGPT-powered tool designed to assist threat intelligence researchers

The tool was launched shortly after the ransomware gang LockBit was taken down in May 2025. This resulted in a huge amount of the gang’s internal data being leaked, including chat logs, encryption keys, Bitcoin wallets, details about how they operated, and more.
To help make sense of it all, Hudson Rock built LockBitGPT. It’s a tool powered by ChatGPT, designed specifically to help threat intelligence researchers dig through the leak without spending days buried in raw data.
The tool itself states that it is a closed system, and data you share with LockBitGPT is not sent to or accessible by OpenAI or any external party.
Alon Gal, Hudson Rock’s CTO, said the idea was to make the data easier to search and understand.
The leak had everything from how affiliates communicated to the gang’s infrastructure, and many in the industry have called it one of the biggest intelligence wins in recent years.
The images below are just a sample of the dataset that can be analysed through the chatbot, which dramatically speeds up investigation time.





Final thoughts on using Chatbots for forensic purposes
AI output should always be cross-checked with the raw data set to ensure accuracy, prevent misinterpretation, and maintain data integrity throughout the analysis process.
As we can see, if used and set up correctly with the necessary inputs, an AI chatbot can be a great advantage to offensive, defensive and OSINT teams.
AI use is becoming an integral part of forensic investigations and should be invested in to support smarter and faster deliverables.
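The cross-check against the raw data set recommended above can be partly automated. The following Python is an added example, not code from the original post or from LockBitGPT; the record layout, the sample data, the indicator patterns and the function names are assumptions constructed for illustration.

```python
import hashlib
import re

# Everything below is constructed sample data, not taken from any real leak.
BTC = "bc1q" + "exampleaddr" + "0" * 25  # placeholder, not a real address
RAW_RECORDS = [
    {"id": "chat-0001", "text": "affiliate alice@example.org asked about panel access"},
    {"id": "chat-0002", "text": f"send payment to {BTC} today"},
    {"id": "host-0003", "text": "builder hosted on files.example.net behind nginx"},
]
# Constructed chatbot answer; its last indicator does not exist in the raw data.
AI_ANSWER = (
    "The affiliate alice@example.org requested panel access and payment went to "
    f"{BTC}. The builder was served from cdn.example.com."
)

# Indicator types to pull out of free-text model output (assumed set, extend as needed).
PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "btc_bech32": re.compile(r"\bbc1[a-z0-9]{20,60}\b"),
    "domain": re.compile(r"(?<![\w@.-])(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
}

def dataset_digest(records):
    """SHA-256 of the raw records, so a report can name the exact data it was checked against."""
    h = hashlib.sha256()
    for r in records:
        h.update(f"{r['id']}\x00{r['text']}\n".encode())
    return h.hexdigest()

def extract_claims(answer):
    """Return the sorted (kind, value) indicators the model's answer asserts."""
    text = answer.lower()
    return sorted({(k, m.group(0)) for k, rx in PATTERNS.items() for m in rx.finditer(text)})

def cross_check(answer, records):
    """Map each claimed indicator to the ids of raw records that contain it verbatim."""
    results = {}
    for kind, value in extract_claims(answer):
        hits = [r["id"] for r in records if value in r["text"].lower()]
        results[value] = {"kind": kind, "records": hits, "supported": bool(hits)}
    return results

if __name__ == "__main__":
    print("dataset sha256:", dataset_digest(RAW_RECORDS))
    for value, res in cross_check(AI_ANSWER, RAW_RECORDS).items():
        flag = "OK" if res["supported"] else "UNSUPPORTED"
        print(f"{flag:<11} {res['kind']:<10} {value} -> {res['records']}")
```

Any indicator flagged as unsupported should be traced back to the raw records by an analyst before it reaches a report; the substring match is deliberately strict, so a reformatted or partial value will also be flagged.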