Tooling and Software

Incident Response, Threat Hunting, Tooling and Software

November 6, 2025

FivePM – Threat Hunter

It’s 4:55 PM. You’re done for the day. Then — *ping* — “Possible compromise.”Meet **FivePM**: the open-source DFIR triage tool that turns chaos into clarity before you leave the office.- **Scans** files or folders...

Incident Response, Threat Hunting, Tooling and Software

September 24, 2025

CrowdStrike Investigator

I’ve just released a new tool: CrowdStrike AID Timeliner.This script helps investigators quickly build timelines around CrowdStrike Alert IDs (AIDs). Instead of manually pulling data and stitching it together, the tool automates the process...

Tooling and Software, Windows Forensics

August 27, 2025

SFTP Monitor Tool

In digital forensics and incident response (DFIR), one recurring pain point I’ve seen is managing the secure transfer of evidence and log data between environments. Whether it’s pulling artifacts from a live system, sharing...

Incident Response, Tooling and Software, Windows Forensics

August 20, 2025

Hayabusa Scanner Menu

Streamlining Windows Event Log Analysis with My Hayabusa Scanner Menu ToolFor many DFIR analysts, hunting through Windows event logs (.evtx files) is a daily reality. While Hayabusa is already a powerful and fast timeline...

Tooling and Software, Windows Forensics

August 19, 2025

Automating Windows Event Log Analysis with Chainsaw Event Log Scanner

As a cybersecurity enthusiast, I’m always exploring ways to streamline digital forensics and incident response workflows. Recently, I developed a tool to make scanning Windows Event Logs (EVTX files) easier and more efficient. Introducing...

Tooling and Software

August 4, 2025

Splunk DFIR Case Manager

Why I Built This ToolAs a cybersecurity professional, I frequently work with Splunk for log management, threat detection, and incident response. One challenge I faced was managing indexes efficiently—whether creating new ones, deleting old ones, or backing...

Tooling and Software

August 4, 2025

CSV Splitter

When working in digital forensics or threat intelligence, CSVs from SIEM tools, sandboxes, or log aggregators often hit hundreds of megabytes. Feeding those into Elasticsearch or a Python parser? It chokes.I needed a way...

Tooling and Software

June 24, 2025

NGINX log parser

During DFIR investigations, especially in NGINX environments, we’re often handed a messy directory full of rotated and compressed log files — access.log, access.log-20250624, error.log-20250623.xz, and so on.Sound familiar?To streamline this chaos, I built a...

Featured, Incident Response, LLM / AI, Tooling and Software

June 23, 2025

Connecting Splunk with LLM

Why Use LLMs for DFIR in Splunk?As DFIR professionals, we deal with massive volumes of logs—security events, network traffic, endpoint telemetry, and more. While Splunk’s SPL (Search Processing Language) is powerful, what if we...

Threat Hunting, Tooling and Software

June 22, 2025

DFIR THOR Drive Scanner – Fast Forensic Scans with One Click

🔍 THOR Drive Scanner – Fast Forensic Scans with One ClickNeed to scan a mounted drive with THOR Lite? I built a no-fuss batch utility to automate it — THOR Drive Scanner.https://github.com/dfirvault/Thor-scanner-menu⚡ What It...

FivePM – Threat Hunter

CrowdStrike Investigator

SFTP Monitor Tool

Hayabusa Scanner Menu

Automating Windows Event Log Analysis with Chainsaw Event Log Scanner

Splunk DFIR Case Manager

CSV Splitter

NGINX log parser

Connecting Splunk with LLM

DFIR THOR Drive Scanner – Fast Forensic Scans with One Click

Navigation

Categories