Incident Response - DFIRVault

Incident Response, Threat Hunting, Tooling and Software

November 6, 2025

FivePM – Threat Hunter

It’s 4:55 PM. You’re done for the day. Then — *ping* — “Possible compromise.”Meet **FivePM**: the open-source DFIR triage tool that turns chaos into clarity before you leave the office.- **Scans** files or folders...

Incident Response, Threat Hunting, Tooling and Software

September 24, 2025

CrowdStrike Investigator

I’ve just released a new tool: CrowdStrike AID Timeliner.This script helps investigators quickly build timelines around CrowdStrike Alert IDs (AIDs). Instead of manually pulling data and stitching it together, the tool automates the process...

Incident Response, Tooling and Software, Windows Forensics

August 20, 2025

Hayabusa Scanner Menu

Streamlining Windows Event Log Analysis with My Hayabusa Scanner Menu ToolFor many DFIR analysts, hunting through Windows event logs (.evtx files) is a daily reality. While Hayabusa is already a powerful and fast timeline...

Featured, Malware Analysis

August 19, 2025

Dynamic Malware Analysis on an ELK Stack

Recently i begun setting up a home lab with an Elasticsearch server and a seperate vm running Windows. On the VM i had sysmon running and configured to send logs to Elasticsearch. Additionally, i...

Tooling and Software, Windows Forensics

August 19, 2025

Automating Windows Event Log Analysis with Chainsaw Event Log Scanner

As a cybersecurity enthusiast, I’m always exploring ways to streamline digital forensics and incident response workflows. Recently, I developed a tool to make scanning Windows Event Logs (EVTX files) easier and more efficient. Introducing...

Tooling and Software

June 24, 2025

NGINX log parser

During DFIR investigations, especially in NGINX environments, we’re often handed a messy directory full of rotated and compressed log files — access.log, access.log-20250624, error.log-20250623.xz, and so on.Sound familiar?To streamline this chaos, I built a...

Threat Hunting, Tooling and Software

June 22, 2025

DFIR THOR Drive Scanner – Fast Forensic Scans with One Click

🔍 THOR Drive Scanner – Fast Forensic Scans with One ClickNeed to scan a mounted drive with THOR Lite? I built a no-fuss batch utility to automate it — THOR Drive Scanner.https://github.com/dfirvault/Thor-scanner-menu⚡ What It...

Tooling and Software

June 21, 2025

DFIR Case Manager

📁 DFIR Case Manager – Simple Case Workflow in a ClickManaging forensic case folders shouldn't be a chore. That’s why I built DFIR Case Manager, a no-frills batch utility that automates your case structure...

Incident Response, Threat Hunting, Tooling and Software

June 12, 2025

Splunk DFIR Dashboard Collection

Digital Forensics and Incident Response (DFIR) professionals know that speed and efficiency are critical during investigations. The Splunk DFIR Dashboard Collection is a treasure trove of ready-to-use Splunk dashboards designed to streamline forensic analysis and provide...

FivePM – Threat Hunter

CrowdStrike Investigator

Hayabusa Scanner Menu

Dynamic Malware Analysis on an ELK Stack

Automating Windows Event Log Analysis with Chainsaw Event Log Scanner

NGINX log parser

DFIR THOR Drive Scanner – Fast Forensic Scans with One Click

DFIR Case Manager

Splunk DFIR Dashboard Collection

Navigation

Categories