FIG. 3 depicts an illustrative method for using neural networks to process forensics and generate intelligence information in accordance with one or more example embodiments. Referring to FIG. 3, at step 305, a computing platform having at least one processor, a communication interface, and memory may receive information and/or message metadata that may be used to train one or more neural networks for threat identification. At step 310, the computing platform may extract one or more features from the information and/or message metadata. At step 315, the computing platform may aggregate the features by threat. At step 320, the computing platform may train the one or more neural networks to identify indicators of compromise using the information and/or message metadata. At step 325, the computing platform may receive new information and/or message metadata. At step 330, the computing platform may input the new information and/or message metadata into the one or more neural networks, which may result in numerical representations of the new information and/or message metadata. At step 335, the computing platform may cluster the numerical representations generated at 330. At step 340, the computing platform may apply heuristics to the clusters to identify indicators of compromise. At step 345, the computing platform may send indicators of compromise information to an enterprise user device. At step 350, the computing platform may identify whether any feedback was received in response to the indicators of compromise information. If feedback was not received, the method may end. If feedback was received, the computing platform may proceed to step 355. At step 355, the computing platform may retrain and/or otherwise update the neural network based on the feedback.