Juwon Bang  (優心)

DFIR & Detection Engineering · Tokyo, Japan

Building autonomous detection systems and architectural security guarantees. Currently exploring agentic DFIR — MCP-based forensic agents that encode the reasoning pattern of a senior analyst as architecture, not as a prompt.

🔍 Focus

  • Digital Forensics & Incident Response  ·  Windows / macOS / Linux
  • Detection Engineering  ·  MITRE ATT&CK coverage modeling, Sigma
  • DevSecOps & Security Automation
  • Agentic AI for Security  ·  MCP, audit-chained reasoning loops

📌 Featured Projects

🎯 Agentic-DART  flagship — SANS FIND EVIL! 2026

Autonomous DFIR agent that thinks like a senior analyst. Architecture-first, not prompt-first.

  • 61 typed forensic MCP tools (36 native + 25 SIFT Workstation adapters) covering 10 of 12 MITRE ATT&CK enterprise tactics (TA0009 Collection and TA0011 C2 are on the Phase 2 roadmap).
  • 43 / 43 tests passing on a fresh clone; CI green on Python 3.10, 3.11, 3.12 and 3.13.
  • 1182-line senior-analyst playbook v3 synthesizing Mandiant, Bianco, Diamond, Palantir ADS, MaGMa UCF and the TaHiTI hunt cycle (42 references).
  • Read-only MCP boundary: destructive operations are impossible by construction.
  • Three evaluation tiers: synthetic reference (recall = 1.0), noise-injected realistic at a ~1:30 IOC:benign ratio (recall = 1.0), and the NIST CFReDS Hacking Case, a community-trusted external benchmark. v0.5.4 scores 0.50 / 0.80 (strict / lenient) on 10 sampled NIST findings, up from 0.10 / 0.40 in v0.5.3, after parse_registry_hive (issue #52) shipped. The remaining CFReDS gaps (#53/#54/#55) are explicit Phase 2 deliverables.

Starts as agentic DFIR; designed to expand toward agentic SOC and beyond.

github.com/Juwon1405/agentic-dart  ·  Submission to SANS FIND EVIL! 2026  ·  MIT

Other projects

macOS DFIR Artifact Collector — single-file, zero-dep, modular collection script with selective module execution and supply-chain IOC sweeps (litellm PyPI 2026-03 + generic).

macOS DFIR Forensics Platform — Flask-based platform that ingests collector ZIPs & disk images (DD/RAW/E01/AFF/DMG), parses 30+ artifact categories, and produces searchable evidence + PDF incident reports with optional Ollama / OpenAI analysis.

GenDFIR RAG Pipeline — unofficial Python replication of Loumachi, Ghanem & Ferrag (2024). RAG + LLM pipeline for DFIR cyber-incident timeline analysis. Equation-by-equation, fully unit-tested.

📓 GitNote

GitNote — curated personal knowledge base in InfoSec & computer science. A long-running collection of notes, references, and code snippets from years of DFIR / detection engineering work.

📖 Published Work

  • Network Attack Packet Analysis for Security Practitioners  ·  보안 실무자를 위한 네트워크 공격 패킷 분석  (co-author, lead)
    Freelec, 2019.11  ·  ISBN 9788965402589  ·  ~370 pp.
    A practitioner's reference covering DDoS, web exploitation, malicious traffic, wireless intrusion, system exploitation, and large-volume packet analysis.
    Yes24  ·  Aladin  ·  Kyobo  ·  Google Books

🏆 Selected Recognition

  • 🥇 Gold Prize, 2017 Korea Open-Source Software Developer Contest  (NIPA, national OSS award)
  • 📜 Patent (filed): Security Event Correlation Analysis Apparatus  (2018, Netmarble Corp.)
  • 🎯 4th place, 2017 CCE National Cyber Defense Competition  (National Intelligence Service of Korea)
  • 🐛 Special Prize, 2015 LINE Bug Bounty Program  (LINE Corp.)

🎥 Community

  • YouTube: DoubleS1405 — long-running Korean-language information-security lecture channel (2014–present)

📚 Curated lists

  • Awesome Stars (GitNote) ⭐ — 204 starred repos categorized into 12 buckets (DFIR / Blue Team / AI / Red Team / Malware / OSINT / etc.), regenerated periodically.
  • DFIR — Digital Forensics & Incident Response
  • BlueTeam — Defensive operations & SOC
  • Tools & Tips — Analysis utilities
  • DevSecOps — Security automation & AI
  • Gist — Code snippets

🤝 Open to

Research collaboration · CTF · CSIRT exchange · Open-source security tooling

Pinned

  1. agentic-dart  (Public · Python)
     Agentic-DART — autonomous detection & response agent. Architecture-first, not prompt-first. Starts as agentic DFIR; designed to expand toward agentic SOC and beyond.
  2. yushin-mac-artifact-collector  (Public · Shell)
     macOS DFIR Artifact Collector — single-file, zero-dependency, modular collection script with selective module execution and supply-chain IOC sweeps.
  3. yushin-mac-forensics-platform  (Public · Python)
     macOS DFIR Forensics Platform — Flask-based web platform that ingests collector ZIPs and disk images (DD/RAW/E01/AFF/DMG), parses 30+ artifact categories, and produces searchable evidence + PDF inc…
  4. yushin-gendfir-rag  (Public · Python)
     Unofficial Python replication of Loumachi, Ghanem & Ferrag (2024) — RAG + LLM pipeline for DFIR cyber-incident timeline analysis. Equation-by-equation, fully unit-tested.
  5. timesketch  (Public · Python · forked from google/timesketch)
     Collaborative forensic timeline analysis
  6. Zircolite  (Public · Python · forked from wagga40/Zircolite)
     A standalone SIGMA-based detection tool for EVTX, Auditd and Sysmon for Linux logs