Forensic Continuity
The Forensic Layer ensures that every decision produced by QUORUM is backed by a cryptographically immutable evidence chain, enabling total reconstruction of the session state and logic used during enforcement.
Decision Reconstruction
Full state-capture at the moment of enforcement, allowing investigators to replay the exact feature set and model outputs used for any historical decision. Evidence is generated at decision time — not reconstructed after the fact.
Session Lineage
Longitudinal tracking of account and device behavior across sessions, identifying characteristic drift. Cross-session correlation evidence is included in the evidence package generated at each enforcement decision.
KZG Evidence Commitment
Every audit entry is committed as a KZG polynomial proof — a 48-byte G1 point. Any party can verify inclusion in the ledger via two pairing operations, without retrieving the full audit history. O(1) verification replaces O(log n) Merkle traversal.
Counterfactual Certificates
Every adverse decision generates an HSM-signed causal counterfactual certificate: which features drove the outcome and what change would have produced a different result. Satisfies EU AI Act Article 86 and FINTRAC adverse-action notice requirements.
Case Rebuild
Automated synthesis of investigation packets including reason codes, behavioral anomalies, cross-account correlation evidence, and the counterfactual certificate. Presented as a complete evidentiary package, not a raw log dump.
Temporal Queryability
Sub-second retrieval of historical session data across multi-year retention windows. Postgres WAL-backed event buffer provides crash-consistent storage, ensuring no decision evidence is lost under node failure.
Evidentiary Integrity
QUORUM's forensic architecture is designed to meet the evidentiary standard required in regulatory examinations and legal proceedings. Verifiable logic chains, KZG-committed audit entries, and FROST threshold-signed verdicts allow institutions to defend enforcement actions with cryptographic certainty — not policy assertions.
The FROST(Ed25519) threshold signing protocol means no single party can forge an audit verdict: the institution co-holds signing authority, and any forged entry would fail threshold verification. This provides bilateral non-repudiation — neither QUORUM nor the institution can unilaterally alter the historical record.