Johnny 5 ยท Pilot Program

The Quest Begins.

Aaron's lab. OSU Police Department. 90 days to a fully compliant, AI-augmented forensic workflow.

๐Ÿ”ฌ

Aaron Sutherland

Digital Forensic Examiner ยท Oregon State University PD ยท Benton & Linn Counties

4
Examiners
10
Cases/Mo
3mo
Backlog
P1
Phase
Program Progress 230 / 1000 XP โ€” Phase 1: DEOP
Active Quests
Phase 1 โ€” DEOP

Digital Employee Onboarding Phase. Johnny 5 learns the lab.

โœ“

Complete Examiner Intake Form

Full submission received April 4, 2026 โ€” all 7 sections complete.

+100 XP
โœ“

Tool Inventory Submitted

Cellebrite, Axiom, FTK, UFED, Magnet GrayKey, X-Ways, AmpedFIVE, Griffeye Pro, Recon ITR, OS Forensics, Forensic Explorer, Magnet Witness, Sumuri โ€” all logged.

+50 XP
โœ“

Pain Points Identified

Primary bottleneck confirmed: manual review of large volumes of unstructured data. Most draining: prolonged detailed review.

+80 XP
โšก

CJIS Compliance Assessment

Review CJIS requirements for email access and AI tool integration with OSU systems. Determine compliant architecture path.

+150 XP
โšก

Email Triage System โ€” Test Deployment

Deploy People Manager agent on Tommy's inbox first, then hand off to Aaron's OSU, DPS, and personal contracting accounts after validation.

+200 XP
๐Ÿ”’

Truleo Competitive Analysis Review

Aaron reviews the Truleo vs. Haystack feature comparison and confirms priority gaps for Phase 2 build.

+100 XP
๐Ÿ”’

SWGDE Standards Walkthrough

Live session: Johnny 5 walks Aaron through on-scene protocol for each device type. Aaron validates accuracy against real-world workflow.

+200 XP
๐Ÿ”’

Dallas Conference Meetup โ€” May 18โ€“21

Aaron in Dallas/Fort Worth for conference. Tommy + Sarah coordinate in-person meeting. Johnny 5 live demo on-site.

+250 XP
Lab Intel
What Johnny 5 Knows

Extracted from Aaron's intake submission. This is the foundation of the build.

Agency
Oregon State University Police
Benton & Linn Counties, Oregon
Team Size
4 Digital Forensic Examiners
Aaron is the lead / primary contact
Case Volume
5โ€“10 cases / month
3-month backlog ยท 4โ€“5 weeks per case
Case Types
Homicide, Child Exploitation, Rape
Also: fraud, car crashes, theft
Certification
CFCE
3 years in forensics ยท occasional expert witness
Compliance Status
SWGDE Only
No formal lab certification ยท no case mgmt software
Infrastructure
Windows 11 ยท Mixed Network
Air-gapped + connected environments
Evidence Challenged?
Not Yet
Primary concern: documentation inconsistencies, chain of custody
90-Day Goal
"Easy-to-follow SWGDE process"
Fast, compliant examination guides โ€” on scene and in lab
Tool Stack
Aaron's Current Arsenal

Everything Johnny 5 needs to integrate with or augment.

Cellebrite Magnet AXIOM FTK UFED Magnet GrayKey X-Ways Forensics AmpedFIVE Griffeye Pro Recon ITR OS Forensics Forensic Explorer Magnet Witness Sumuri
Hard Rules
What Johnny 5 Must Never Do

Aaron's non-negotiables from intake. These are locked into the build.

โš 
AI must NEVER modify evidence data. Read-only access only.
โš 
Always ask clarifying questions rather than making assumptions about case facts.
โš 
All AI outputs must be legally defensible and cite the specific SWGDE/NIST standard referenced.
โš 
Data security is paramount โ€” CJIS compliance is non-negotiable before any live deployment.
โš 
AI accuracy must be verifiable โ€” no black boxes, no unexplained conclusions.
90-Day Roadmap
Phase by Phase

Build โ†’ validate โ†’ expand. Starting where the pain is biggest.

Phase 1 ยท Active Now

DEOP โ€” Digital Employee Onboarding

Johnny 5 learns the lab. Email triage across OSU, DPS, and personal contracting accounts. Workflow mapping. Supervised actions only โ€” Aaron approves everything before it ships.

In Progress
Phase 2 ยท Unlocks after DEOP complete

DERA โ€” Digital Evidence Review Assistant

Ingest the evidence pile. Johnny 5 reads, tags, clusters, and surfaces what matters from large volumes of unstructured data โ€” the #1 pain point. Texts, images, videos, timelines, behavioral patterns. Aaron reviews and signs off.

Locked
Phase 3 ยท The Endgame

DECM โ€” Digital Employee Compliance Monitor

Ongoing SWGDE + NIST compliance monitoring across the lab. Real-time on-scene protocol guidance. Flags deviations before they become courtroom problems. Auto-updates when standards change.

Locked