Chainsaw: Open-source tool for hunting through Windows forensic artefacts

Chainsaw is an open-source first-response tool for quickly detecting threats in Windows forensic artefacts, including Event Logs and the MFT file. It enables fast keyword searches through event logs and identifies threats using built-in Sigma detection and custom detection rules.

Chainsaw features

  • Hunt for threats using Sigma detection rules and custom detection rules
  • Search and extract forensic artefacts by string matching and regex patterns
  • Create execution timelines by analysing Shimcache artefacts and enriching them with Amcache data
  • Analyse the SRUM database and provide insights about it
  • Dump the raw content of forensic artefacts (MFT, registry hives, ESE databases)
  • Lightning fast, written in Rust, wrapping the EVTX parser library
  • Clean and lightweight execution and output formats without unnecessary bloat
  • Document tagging (detection logic matching) provided by the TAU Engine Library
  • Output results in a variety of formats, such as ASCII table format, CSV format, and JSON format

Chainsaw is available for free download on GitHub. The tool can be run on Linux, macOS and Windows.
