From evidence triage to report generation — applying large language models to real forensic cases like Hack The Box’s “Sherlok”.
About the “Sherlok” Challenge (Hack The Box)
“Sherlok” is an easy-level digital forensics challenge from Hack The Box’s Sherlocks series — designed to simulate a real-world investigation where an analyst must uncover evidence from a limited set of artifacts.
In this challenge, participants receive a few digital traces — such as system logs, memory snapshots, or network captures — and are tasked with reconstructing the attacker’s actions, identifying indicators of compromise (IoCs), and answering investigative questions.
The focus of Sherlok is not complex exploitation but analytical reasoning: understanding how to extract, correlate, and interpret forensic data to build a clear narrative of what happened.
It’s the perfect environment to demonstrate how AI tools like ChatGPT can assist investigators — from artifact triage and log interpretation to timeline reconstruction and report drafting.
