Home
The goal for dfirws is to have useful tools for DFIR and IR work in an easy to access way in a Windows Sandbox.
Start by reading getting started and continue with customise dfirws. Installation is described in the project README.md. To have a shared folder of the tools for use by a group of people look in resources/contrib/sync. Also look at changes to get information about updates and changes.
Look at the pages below depending on the type of file you would like to investigate. You can also look at the Jupyter notebooks that are available and that can help investigate some types of files.
- Investigate Email
- Investigate JavaScript files
- Investigate Office files
- Investigate OneNote file
- Investigate PDF files
- Investigate PE files
- Investigate PowerShell
- Investigate ZIP files
- Examples using Didier Stevens tools
- General tools
Read more about available tools here. If you miss a tool, find a problem or would like to change a default configuration, please submit an issue on GitHub for better control and traceability.
This wiki is also available in every running sandbox by clicking on the dfirws wiki link on the desktop:
Getting started and customize dfirws. Also look at Samples to test the included tools.
Use Jupyter notebooks or look at tools and tips to investigate different file types.
- File system forensics and data recovery
- Investigate Email
- Investigate JavaScript files
- Investigate MSI-files
- Investigate Office files
- Investigate OneNote file
- Investigate PDF files
- Investigate PE files
- Investigate PowerShell
- Network forensics
- Windows forensics
- Available tools
- Examples using Didier Stevens tools
- General tools