Peter Reuterås edited this page Nov 21, 2023 · 36 revisions

Welcome to the dfirws wiki!

The goal of dfirws is to make useful tools for DFIR and IR work easily accessible in a Windows Sandbox.

Getting started

Start by reading getting started and continue with customise dfirws. Installation is described in the project README.md file. To have a shared folder of the tools for use by a group of people, look in resources/contrib/sync.

Using dfirws

Look at the pages below depending on the type of file you would like to investigate. You can also look at the available Jupyter notebooks, which can help investigate some types of files.

Read more about available tools here. If you miss a tool, find a problem, or would like to change a default configuration, please submit an issue on GitHub for better control and traceability.

This wiki is available in running sandboxes by clicking on the dfirws wiki link on the desktop:

dfirws-wiki