Forensic reconstruction for
AI-assisted decisions
Turn existing logs into evidence-first timelines and auditor-friendly incident narratives—without overclaiming.
Decision Path Reconstruction
Observe how AI and human decision events are captured and reconstructed—not judged or scored.
Agent initiated $50,000 transfer request to external account.
Transfer amount flagged against automated limit threshold of $10,000.
Manual override recorded. Context: Emergency Liquidity Event.
Accountability path reconstructed for review. Chain integrity preserved.
This timeline illustrates forensic reconstruction capability. It does not make compliance determinations or assign liability.
What We Do
Three steps to turn scattered evidence into auditor-ready timelines.
Ingest what you have
Upload structured or messy logs—AI traces, tickets, approvals, screenshots, policy PDFs. No SDK required to start.
Reconstruct decision paths
We build a forensic timeline showing AI actions, human interventions, and system events. Every entry is marked Known/Inferred/Unknown.
Produce evidence bundles
Generate auditor-friendly timelines and narratives with cryptographic hashes. Analysis support, not compliance verdicts.
Built for Risk, Legal, and Compliance Teams
When an AI-assisted decision is questioned, you need to reconstruct what happened using incomplete logs. AegisTrace is purpose-built for that challenge.
Chief Risk Officers
Build defensible evidence chains for AI-assisted decisions when incidents are questioned.
General Counsel & Legal
Reconstruct decision timelines with timestamped evidence for regulatory inquiries and litigation support.
Compliance Officers
Prepare auditor-friendly documentation showing what happened, what was known, and where gaps exist.
Audit & Security Teams
Investigate AI decision incidents with forensic-grade reconstruction and explicit uncertainty markers.
What We Are — What We Are Not
Clear boundaries matter. We provide evidence infrastructure, not compliance verdicts.
What We Are
- Evidence capture and timestamping infrastructure
- Forensic decision path reconstruction
- Analysis support for compliance and legal teams
- Transparent about gaps (Known/Inferred/Unknown)
- Starting point: upload what you already have
What We Are Not
- Compliance determination or violation detection
- Risk scoring or pass/fail certification
- Prevention or real-time blocking system
- Guarantee of safety or regulatory approval
- Requiring perfect logs or full AI instrumentation
Explicit Uncertainty
We surface what is known, what can be inferred, and what remains unknown. No guesswork. No false confidence.
Directly observed in evidence
Agent ID, timestamp, logged action
Derived deterministically
Time divergence, handoff detection, sequence analysis
Missing evidence and explicitly flagged
Human rationale not captured, partial logs
This transparency builds trust with regulators and internal reviewers who need to understand the limits of what can be reconstructed.
Start With What You Have
We don’t require perfect logging. We work with partial data and mark gaps as unknown.
No SDK or agent required
Upload what you have. We reconstruct the decision path and explicitly mark missing evidence.
Forensic Event Feed
Every AI and human decision event captured with cryptographic proof. Immutable audit trail for regulatory investigation and review.
Important: AegisTrace provides evidence and analysis support. It does not determine compliance, violations, or liability. Demonstration visuals and data.
Explore linked scenarios and incident reconstructions
Browse cross-domain scenarios that demonstrate decision timelines, evidentiary artifacts, and explicitly marked uncertainty—without breaking the narrative flow.
Frequently Asked Questions
Common questions about how AegisTrace works and what it delivers.
Decision Event Schema
Illustrative data structure for evidentiary capture. Demonstrates how events are cryptographically recorded for review.
Important: AegisTrace provides evidence and analysis support. It does not determine compliance, violations, or liability. Demonstration visuals and data.
{
"event_id": "evt_2026_001_au_nsw",
"timestamp": "2026-01-13T21:15:42.123Z",
"agent_id": "agent_legal_counsel_01",
"jurisdiction": "AU-NSW",
"regulatory_scope": [
"APRA CPS 230",
"Privacy Act 1988"
],
"event_type": "AI_EVENT_OBSERVED",
"decision_stage": "RECONSTRUCTION_COMPLETE",
"chain_hash": "sha256:a7f5c8d9e2b4f1a8c6d3e9b2f4a1c8d6e3b9f2a4c1d8e6b3f9a2c4d1e8b6f3a9",
"previous_hash": "sha256:b8f6d9e1a3c5f2b9d7e4f1a9c7d4e2b5f3a1c9d7e4b2f5a3c1d9e7b4f2a5c3d1",
"data_provenance": "CUSTOMER",
"hashed_reasoning": "sha256:c9g7e1b4d6f3a2c9e8b5f1d7a4c2e9b6f3d1a8c7e5b2f9d4a1c8e6b3f2d9a5c7",
"observed_action": "Document classification performed",
"human_action_present": false,
"policy_reference_ids": [
"APRA-CPS-230-3.1",
"PRIVACY-1988-5.2"
],
"policy_context_available": true
}Cryptographic fingerprint linking events in sequence
Reference to prior event creating unbroken chain
Category of observed event (AI action, human intervention, etc.)
Current reconstruction phase of the decision path
SHA-256 hash preserving AI deliberation for later review
Human-readable description of action recorded
Tracks origin of data (customer, third-party, hybrid)
Links to applicable policy contexts for investigative review