-
Notifications
You must be signed in to change notification settings - Fork 1
Home
The goal for dfirws is to have useful tools for DFIR and IR work in an easy to access way in a Windows Sandbox.
Start by reading Getting started and continue with Customise dfirws.
Trying to add Jupyter Notebooks under setup/jupyter to be able to automate investigations as much as possible. At the moment there are notebooks for
Below are sections similar to the REMnux docs documentation with examples on how to use the tools included in dfirws.
- Investigate JavaScript
- Investigate Office files
- Investigate PDF
- Investigate PowerShell
- Examples using Didier Stevens tools
- General tools
Read more about available tools here. If you miss a tool, find a problem och like to change a default configuration please submit an issue on GitHub for better control and traceability.
Getting started and customize dfirws. Also look at Samples to test the included tools.
Use Jupyter notebooks or look at tools and tips to investigate different filetypes
- File system forensics and data recovery
- Investigate Email
- Investigate JavaScript files
- Investigate MSI-files
- Investigate Office files
- Investigate OneNote file
- Investigate PDF files
- Investigate PE files
- Investigate PowerShell
- Network forensics
- Windows forensics
- Available tools
- Examples using Didier Stevens tools
- General tools