We propose to create an advanced forensic analysis tool called TheSieve. This tool will use machine learning techniques to classify files as malicious or benign and to suggest files for closer inspection. Built upon custom enhancements to the National Software Reference Library (NSRL), TheSieve will allow forensic investigators to spend their valuable time examining the most significant files. An important application of data repositories, like those in the NSRL, is a system that associates NSRL hash values with additional information derived through static and dynamic analysis. Phase I will yield a prototype web service and application delivered with integrations into at least one forensic analysis software package. TheSieve will be used in a controlled case study to determine whether searching and the suggestions provided can reduce the amount of time spent identifying files. Time permitting, the prototype will improve file suggestions using machine learning. We do not believe that TheSieve can replace endpoint detection and response (EDR) products; instead, it will augment them by applying Big Data analysis techniques. Finally, we will develop a process by which TheSieve's database can be improved with an analyst feedback loop to enhance previously seen queries.