diff --git a/A17 Pro Forensic Audit Tool.py b/A17 Pro Forensic Audit Tool.py
new file mode 100644
index 0000000..0970a41
--- /dev/null
+++ b/A17 Pro Forensic Audit Tool.py	
@@ -0,0 +1,68 @@
+# This tool performs a post-boot forensic audit of system logs
+# to identify indicators consistent with a degraded security state.
+# It does not exploit, induce, or bypass any hardware protections.
+
+import os
+import re
+
+# --- VULNERABILITY DETECTION POC: A17 PRO "I2C4 ZOMBIE" ---
+# Targeted toward detecting the iBoot-to-Kernel Fallback (T8130 -> T8122)
+
+def detect_zombie_state(extracted_path):
+    findings = {
+        "Kernel_Mismatch": False,
+        "DART_Bypass": False,
+        "ACE_Debug_Panic": False,
+        "SEP_Lockout": False
+    }
+
+    print("--- [POC] INITIALIZING SILICON AUDIT ---")
+
+    # 1. KERNEL IDENTITY AUDIT (Unified Kernel Policy Check)
+    # Rationale: Standard A17 (T8130) should not run T8122 (M3) logic.
+    kernel_file = os.path.join(extracted_path, "kernel_identity_audit.txt")
+    if os.path.exists(kernel_file):
+        with open(kernel_file, 'r') as f:
+            content = f.read()
+            if "RELEASE_ARM64_T8122" in content: #
+                print("[!] MATCH FOUND: Fallback Kernel T8122 detected on T8130 hardware.")
+                findings["Kernel_Mismatch"] = True
+
+    # 2. DART MEMORY FIREWALL AUDIT (Bypass Detection)
+    # Rationale: "bypass-15" proves hardware isolation is disabled for DCP/USB.
+    dart_file = os.path.join(extracted_path, "memory_firewall_audit.txt")
+    if os.path.exists(dart_file):
+        with open(dart_file, 'r') as f:
+            content = f.read()
+            # Searching for the specific DART bypass flags
+            if '"bypass-15" = <>' in content or '"apf-bypass-15" = <>' in content:
+                print("[!] MATCH FOUND: Hardware Memory Firewall (DART) is physically BYPASSED.")
+                findings["DART_Bypass"] = True
+
+    # 3. HPM LOG AUDIT (Silicon Panic Verification)
+    # Rationale: Attempt to set ACE Debug pin indicates a fatal bus-sync failure.
+    log_file = os.path.join(extracted_path, "logarchive_findings.txt")
+    if os.path.exists(log_file):
+        with open(log_file, 'r') as f:
+            content = f.read()
+            # Specific ACE Debug rejection string
+            if "ACE Debug cannot be set. Missing boot-args." in content:
+                print("[!] MATCH FOUND: Hardware Power Manager (HPM) attempted ACE Debug Trapdoor.")
+                findings["ACE_Debug_Panic"] = True
+            
+            # SPU Driver Stall check
+            if "site.AppleSPUCT836" in content and "Ready" not in content:
+                print("[!] MATCH FOUND: Digitizer Driver (CT836) stalled at site initialization.")
+                findings["SEP_Lockout"] = True
+
+    # --- VERDICT ---
+    score = sum(findings.values())
+    print("\n--- [POC] VULNERABILITY VERDICT ---")
+    if score >= 3:
+        print(f"STATUS: INDICATORS PRESENT (Findings: {score}/4)")
+        print("INTERPRETATION: Device may be operating in a degraded security state.")
+    else:
+        print(f"STATUS: NO INDICATORS DETECTED (Findings: {score}/4)")
+
+# Execution
+# detect_zombie_state("/content/sys_analysis/")