ARCHAEO - Forensic Log Archaeology
Pillar of the Past: Recovering, analyzing, and proving historical agent behavior.
ARCHAEO is the governance module responsible for the PAST. It transforms raw system logs into legally valid forensic evidence, detects security gaps, and automatically hardens the system based on historical anomalies.
Core Capabilities (Platinum Level)
Deep Recursive Scan
Deep analysis of multiple log directories with automatic detection of gaps and truncations.
Forensic Affidavit
Generation of a "Laudo Técnico Pericial" (forensic technical expert report) with a SHA-256 chain of custody. The digests carry evidentiary weight only if they are recorded at scan time somewhere the log writer cannot reach (signed, or written to the LEDGER); a digest kept beside the log it protects can be rewritten together with it.
Anomaly Detection (ML)
Pure TypeScript Isolation Forest implementation to detect statistical outliers in agent behavior.
Auto-Hardening
Automatic application of runtime policies based on forensic findings.
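The Anomaly Detection capability above is built on an Isolation Forest. As an added illustration, not ARCHAEO's implementation, the block below is a minimal pure-TypeScript version of the algorithm (Liu, Ting and Zhou, 2008) scoring constructed per-session behaviour vectors. The feature layout ([requests per minute, distinct services, error rate]), the sample data, the seeded PRNG and the 0.7 flagging threshold are all assumptions made for this example:

```typescript
type Point = number[];

// Node of an isolation tree; a leaf carries only `size`.
interface ITreeNode {
  size: number;
  feature?: number;
  split?: number;
  left?: ITreeNode;
  right?: ITreeNode;
}

// Small deterministic PRNG (LCG) so runs are reproducible; not for cryptographic use.
class Rng {
  constructor(private state: number) {}
  next(): number {
    this.state = (Math.imul(this.state, 1664525) + 1013904223) >>> 0;
    return this.state / 4294967296;
  }
}

// c(n): expected path length of an unsuccessful search in a BST of n nodes. It estimates
// how deep an unfinished leaf would have gone and normalises the final score.
function cFactor(n: number): number {
  if (n <= 1) return 0;
  if (n === 2) return 1;
  return 2 * (Math.log(n - 1) + 0.5772156649) - (2 * (n - 1)) / n;
}

// Isolate points with a random feature and a random split until alone or depth-capped.
function buildTree(data: Point[], depth: number, maxDepth: number, rng: Rng): ITreeNode {
  if (depth >= maxDepth || data.length <= 1) return { size: data.length };
  const feature = Math.floor(rng.next() * data[0].length);
  const vals = data.map((p) => p[feature]);
  const lo = Math.min(...vals);
  const hi = Math.max(...vals);
  if (lo === hi) return { size: data.length }; // constant on this feature: nothing to split
  const split = lo + rng.next() * (hi - lo);
  return {
    size: data.length,
    feature,
    split,
    left: buildTree(data.filter((p) => p[feature] < split), depth + 1, maxDepth, rng),
    right: buildTree(data.filter((p) => p[feature] >= split), depth + 1, maxDepth, rng),
  };
}

function pathLength(node: ITreeNode, p: Point, depth = 0): number {
  const { left, right, feature, split } = node;
  if (left === undefined || right === undefined || feature === undefined || split === undefined) {
    return depth + cFactor(node.size);
  }
  return pathLength(p[feature] < split ? left : right, p, depth + 1);
}

class IsolationForest {
  private trees: ITreeNode[] = [];
  private sampleSize = 0;
  private rng: Rng;
  constructor(private nTrees = 100, private maxSample = 256, seed = 42) {
    this.rng = new Rng(seed);
  }

  fit(data: Point[]): this {
    this.sampleSize = Math.min(this.maxSample, data.length);
    const maxDepth = Math.ceil(Math.log2(this.sampleSize));
    for (let t = 0; t < this.nTrees; t++) {
      // Partial Fisher-Yates: sample without replacement so each tree sees distinct points.
      const idx = data.map((_, i) => i);
      for (let i = 0; i < this.sampleSize; i++) {
        const j = i + Math.floor(this.rng.next() * (idx.length - i));
        [idx[i], idx[j]] = [idx[j], idx[i]];
      }
      const sample = idx.slice(0, this.sampleSize).map((i) => data[i]);
      this.trees.push(buildTree(sample, 0, maxDepth, this.rng));
    }
    return this;
  }

  // Score in (0, 1]: near 1 means isolated in very few splits (anomalous), ~0.5 means typical.
  score(p: Point): number {
    const avg = this.trees.reduce((sum, t) => sum + pathLength(t, p), 0) / this.trees.length;
    return Math.pow(2, -avg / cFactor(this.sampleSize));
  }
}

// Constructed behaviour vectors per agent session: [requests/min, distinct services, error rate].
function buildSampleData(): Point[] {
  const rng = new Rng(7);
  const points: Point[] = [];
  for (let i = 0; i < 60; i++) {
    points.push([8 + rng.next() * 4, 2 + Math.floor(rng.next() * 3), rng.next() * 0.02]);
  }
  points.push([400, 40, 0.5]); // one session hammering 40 services with half its calls failing
  return points;
}

const sampleData = buildSampleData();
const OUTLIER_INDEX = sampleData.length - 1;
const forest = new IsolationForest(100, 256, 42).fit(sampleData);
const scores = sampleData.map((p) => forest.score(p));

// Indices whose score meets the threshold, highest first; the threshold is a tuning choice.
function flaggedIndices(threshold = 0.7): number[] {
  return scores
    .map((s, i) => ({ s, i }))
    .filter((x) => x.s >= threshold)
    .sort((a, b) => b.s - a.s)
    .map((x) => x.i);
}

console.log("outlier score", scores[OUTLIER_INDEX].toFixed(3), "flagged", flaggedIndices());
```

The session that fans out to 40 services is peeled off at the first or second split in almost every tree, so its score lands near 0.9 while the cluster of ordinary sessions stays around 0.5. In real use the threshold is calibrated on a known-clean baseline period rather than fixed at 0.7, and a constant feature (the `lo === hi` branch) is left unsplit rather than dividing by zero.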
Technical Architecture
ARCHAEO operates as a bridge between the LEDGER (Pillar 7) and the Central Runtime (Pillar 4).
1. Chain of Custody
Every scanned log file is hashed (SHA-256) and the digest recorded. On a later scan, if a log has been tampered with or truncated, the recomputed digest no longer matches the recorded one and ARCHAEO alerts the governance layer. This only holds if the recorded digests live outside the log directory (signed, or in the LEDGER): a digest stored next to the file it protects can be rewritten along with it.
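The mechanism described above, as an added example rather than ARCHAEO's own code: record a digest and byte length per file, then classify a later copy of the file. Recording the length alongside the digest is what lets an append-only log that has legitimately grown be told apart from one that was rewritten or cut short. The manifest structure, the file path and the sample log lines are constructed for this example; only Node's built-in `node:crypto` and `node:fs` are used:

```typescript
import { createHash } from "node:crypto";
import { readFileSync } from "node:fs";

// Hypothetical manifest entry recorded at scan time (not ARCHAEO's format).
interface ManifestEntry {
  path: string;
  sha256: string; // hex digest of the whole file when recorded
  bytes: number;  // byte length when recorded
}

type Verdict = "unchanged" | "appended" | "truncated" | "tampered" | "missing";

function sha256Hex(data: Buffer): string {
  return createHash("sha256").update(data).digest("hex");
}

// Record an entry for the current bytes of a log. The manifest itself must be kept
// outside the log directory (signed, or in the LEDGER): a digest stored beside the
// file it protects can be rewritten together with it.
function recordEntry(path: string, data: Buffer): ManifestEntry {
  return { path, sha256: sha256Hex(data), bytes: data.length };
}

// Classify the current bytes against the recorded entry. Hashing only the recorded
// prefix is what separates legitimate growth of an append-only log from a rewrite:
//   shorter than recorded              -> truncated
//   recorded prefix no longer matches  -> tampered (rewritten in place)
//   prefix matches, same length        -> unchanged
//   prefix matches, longer             -> appended
function verifyEntry(entry: ManifestEntry, current: Buffer): Verdict {
  if (current.length < entry.bytes) return "truncated";
  if (sha256Hex(current.subarray(0, entry.bytes)) !== entry.sha256) return "tampered";
  return current.length === entry.bytes ? "unchanged" : "appended";
}

// On-disk wrapper; a file that cannot be read any more is a finding, not a pass.
function verifyFile(entry: ManifestEntry): Verdict {
  try {
    return verifyEntry(entry, readFileSync(entry.path));
  } catch {
    return "missing";
  }
}

// Constructed sample log (not real data).
const sampleLog = Buffer.from(
  "2024-05-01T10:00:00Z agent=planner service=vault action=read\n" +
    "2024-05-01T10:00:05Z agent=planner service=db action=write\n",
);
const sampleEntry = recordEntry("./logs/agent.log", sampleLog);

// Exercise the four byte-level outcomes against the recorded entry.
function classifyScenarios(): Record<string, Verdict> {
  const appended = Buffer.concat([
    sampleLog,
    Buffer.from("2024-05-01T10:00:09Z agent=planner service=db action=read\n"),
  ]);
  const truncated = sampleLog.subarray(0, sampleLog.length - 20); // last line cut short
  const tampered = Buffer.from(sampleLog); // copy, then flip one bit of the first byte
  tampered[0] = tampered[0] ^ 0x01;
  return {
    same: verifyEntry(sampleEntry, sampleLog),
    appended: verifyEntry(sampleEntry, appended),
    truncated: verifyEntry(sampleEntry, truncated),
    tampered: verifyEntry(sampleEntry, tampered),
  };
}

console.log(classifyScenarios());
```

A log that was truncated and then written back to at least its old length shows up as `tampered`, not `truncated`, because the recorded prefix no longer matches; that is the right verdict, since the original bytes are gone either way. Log rotation looks the same as truncation to this check, so a rotation has to be recorded in the manifest (new entry for the fresh file, old entry retained for the archived one) rather than silently accepted.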
2. Lateral Movement Detection
By analyzing access patterns across different services, ARCHAEO identifies potential lateral movement techniques used by autonomous agents or malicious actors.
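One concrete form such a check can take, added here as an example and not ARCHAEO's own detection logic: learn each identity's baseline set of services from the first hour of the logs, then flag any five-minute window in which that identity reaches two or more services it had never used. The line format, field names, window sizes, alert shape and sample lines are all constructed for the example:

```typescript
interface Event {
  ts: number; // epoch milliseconds
  agent: string;
  service: string;
  action: string;
}

// Parse one constructed line such as
// "2024-05-01T09:00:00Z agent=planner service=vault action=read".
// Returns null for lines that do not match so a scan counts bad lines instead of aborting.
function parseLine(line: string): Event | null {
  const m = /^(\S+)\s+agent=(\S+)\s+service=(\S+)\s+action=(\S+)$/.exec(line.trim());
  if (m === null) return null;
  const ts = Date.parse(m[1]);
  return Number.isNaN(ts) ? null : { ts, agent: m[2], service: m[3], action: m[4] };
}

interface Alert {
  agent: string;
  windowStart: string;   // ISO timestamp of the bucket that raised the alert
  newServices: string[]; // services reached in the window but absent from the baseline
}

interface Options {
  baselineMs: number; // how much of the log (from the first event) is treated as known-good
  windowMs: number;   // bucket size for counting fan-out
  minNew: number;     // how many never-seen services in one bucket raise an alert
}

function detectLateralMovement(lines: string[], opts: Options): Alert[] {
  const events = lines
    .map(parseLine)
    .filter((e): e is Event => e !== null)
    .sort((a, b) => a.ts - b.ts);
  if (events.length === 0) return [];
  const baselineEnd = events[0].ts + opts.baselineMs;

  // Baseline: which services each identity is known to use.
  const known = new Map<string, Set<string>>();
  // Detection buckets: services touched per identity per window after the baseline.
  // Bucket keys assume agent names do not contain "|".
  const buckets = new Map<string, Set<string>>();
  for (const e of events) {
    if (e.ts < baselineEnd) {
      if (!known.has(e.agent)) known.set(e.agent, new Set());
      known.get(e.agent)!.add(e.service);
    } else {
      const windowStart = Math.floor(e.ts / opts.windowMs) * opts.windowMs;
      const key = `${e.agent}|${windowStart}`;
      if (!buckets.has(key)) buckets.set(key, new Set());
      buckets.get(key)!.add(e.service);
    }
  }

  const alerts: Alert[] = [];
  buckets.forEach((services, key) => {
    const [agent, ws] = key.split("|");
    // An identity with no baseline at all has every service "new". That is deliberate:
    // an account first seen only after the baseline period is itself worth a look.
    const base = known.get(agent) ?? new Set<string>();
    const newServices = Array.from(services).filter((s) => !base.has(s)).sort();
    if (newServices.length >= opts.minNew) {
      alerts.push({ agent, windowStart: new Date(Number(ws)).toISOString(), newServices });
    }
  });
  return alerts.sort(
    (a, b) => a.windowStart.localeCompare(b.windowStart) || a.agent.localeCompare(b.agent),
  );
}

// Constructed sample: an hour of ordinary activity, then a burst in which "planner"
// reaches three services it had never touched within two and a half minutes, while
// "builder" keeps to its usual pair. One malformed line is included on purpose.
const sampleLines = [
  "2024-05-01T09:00:00Z agent=planner service=vault action=read",
  "2024-05-01T09:05:00Z agent=planner service=db action=write",
  "2024-05-01T09:10:00Z agent=builder service=ci action=trigger",
  "2024-05-01T09:12:00Z agent=builder service=registry action=push",
  "2024-05-01T09:40:00Z agent=planner service=db action=read",
  "this line is not in the expected format",
  "2024-05-01T11:00:10Z agent=planner service=vault action=read",
  "2024-05-01T11:00:40Z agent=planner service=ci action=trigger",
  "2024-05-01T11:01:05Z agent=planner service=registry action=pull",
  "2024-05-01T11:02:30Z agent=planner service=k8s-api action=exec",
  "2024-05-01T11:03:00Z agent=builder service=ci action=trigger",
  "2024-05-01T11:03:20Z agent=builder service=registry action=push",
];

function runSample(): Alert[] {
  return detectLateralMovement(sampleLines, { baselineMs: 3600000, windowMs: 300000, minNew: 2 });
}

console.log(JSON.stringify(runSample(), null, 2));
```

Fixed buckets are deliberately simple: a burst straddling a five-minute boundary is split across two buckets and may fall under `minNew` in each, so a production version would use a sliding window. The baseline is also only as clean as the period it is learned from; if the attacker was already active during that hour, their services become "known".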
3. SIEM Integration
Structured forensic data can be exported directly to standard SIEMs (Datadog, Splunk, ELK) via the --siem flag.
CLI Usage
ARCHAEO is integrated into the ABS CLI:
# Basic forensic scan
abs archaeo scan ./logs --deep
# Generate forensic affidavit with legal validity
abs archaeo scan ./logs --affidavit
# Run anomaly detection and apply hardening policies
abs archaeo scan ./logs --engine --apply ./runtime_policies.json
Governance Cycle: Past to Present
ARCHAEO closes the loop of governance:
- Analyze (Past): Detect anomalies in historical logs.
- Predict (Present): Identify risks based on patterns.
- Enforce (Future): Apply policies to prevent recurrence.
"Past analyzed. Present hardened. Future certified."