Chainsaw is an open-source first-response tool for quickly identifying threats in Windows forensic artefacts, including event logs and the MFT file. It supports fast keyword searches across event logs and identifies threats using built-in Sigma detection rules as well as custom detection rules.

Features

  • Hunt for threats using Sigma detection rules and custom Chainsaw detection rules.

  • Search and extract forensic evidence by string matching and regular expression patterns.

  • Build execution timelines by analysing artefacts and enriching them with data from other artefacts.

  • Analyse the SRUM database and provide insights about it.

  • Dump the raw content of forensic artefacts (registry hives, databases).

  • Lightning fast: written in Rust and packaged with the EVTX parser library.

  • Clean and lightweight execution and output, without unnecessary bloat.

  • Document tagging (detection-logic matching) provided by the Tau engine library.

  • Output results in a variety of formats, such as ASCII table, CSV and JSON.
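To make the first two features concrete, here is an added example that is not Chainsaw's own code: a reduced model of how a Sigma-style rule (a field selection, an exclusion filter and a condition) is evaluated against event-log records, alongside a keyword/regex search over the same records. The four events are constructed in the flattened JSON shape an EVTX conversion would produce, the rule is written for this example only, and the allow-listed account `svc_deploy` is a hypothetical placeholder. Chainsaw itself parses real EVTX files and full Sigma YAML; this script uses plain dictionaries and only the `contains`, `endswith`, `startswith` and `re` modifiers.

```python
"""Simplified Sigma-style hunting and keyword search over constructed Windows
event records. Added example; not Chainsaw's implementation."""
import re
from typing import Any

# Constructed sample events (values are made up; field names follow the
# Windows Security log as it appears after EVTX-to-JSON flattening).
SAMPLE_EVENTS = [
    {"EventID": 4688, "Channel": "Security", "SubjectUserName": "alice",
     "NewProcessName": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"EventID": 4688, "Channel": "Security", "SubjectUserName": "bob",
     "NewProcessName": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"EventID": 4624, "Channel": "Security", "LogonType": 10,
     "TargetUserName": "carol", "IpAddress": "10.0.0.5"},
    {"EventID": 4624, "Channel": "Security", "LogonType": 2,
     "TargetUserName": "dave", "IpAddress": "-"},
]

# Sigma-like rule written for this example. Keys of the form "Field|modifier"
# carry a comparison modifier; a list value means any entry may match (OR);
# all keys in a selection must match (AND).
ENCODED_PS_RULE = {
    "title": "Encoded PowerShell command line (constructed example rule)",
    "level": "high",
    "detection": {
        "selection": {
            "EventID": 4688,
            "NewProcessName|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        # Hypothetical allow-listed deployment account excluded from the hit.
        "filter": {"SubjectUserName": "svc_deploy"},
        "condition": "selection and not filter",
    },
}


def field_matches(value: Any, modifier: str, expected: Any) -> bool:
    """Compare one event field against one rule value using a Sigma-style modifier."""
    if modifier == "re":
        return value is not None and re.search(str(expected), str(value)) is not None
    if modifier == "":
        return value == expected or str(value) == str(expected)
    text = "" if value is None else str(value).lower()   # case-insensitive, like Sigma
    exp = str(expected).lower()
    if modifier == "contains":
        return exp in text
    if modifier == "endswith":
        return text.endswith(exp)
    if modifier == "startswith":
        return text.startswith(exp)
    raise ValueError(f"unsupported modifier: {modifier}")


def selection_matches(event: dict, selection: dict) -> bool:
    """Every field predicate in the selection must hold (AND); list values are OR-ed."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        value = event.get(field)
        candidates = expected if isinstance(expected, list) else [expected]
        if not any(field_matches(value, modifier, c) for c in candidates):
            return False
    return True


def rule_matches(event: dict, rule: dict) -> bool:
    """Evaluate the two condition shapes this reduced model supports."""
    det = rule["detection"]
    cond = det.get("condition", "selection")
    if cond == "selection":
        return selection_matches(event, det["selection"])
    if cond == "selection and not filter":
        return (selection_matches(event, det["selection"])
                and not selection_matches(event, det["filter"]))
    raise ValueError(f"unsupported condition: {cond}")


def hunt(events: list, rules: list) -> list:
    """Return one hit per (rule, event) pair, tagged with the rule title and level."""
    return [{"rule": r["title"], "level": r["level"], "event": e}
            for r in rules for e in events if rule_matches(e, r)]


def search(events: list, pattern: str, regex: bool = False, ignore_case: bool = True) -> list:
    """Keyword (escaped) or regex search over every field value of every event."""
    flags = re.IGNORECASE if ignore_case else 0
    needle = re.compile(pattern if regex else re.escape(pattern), flags)
    return [e for e in events if any(needle.search(str(v)) for v in e.values())]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS, [ENCODED_PS_RULE]):
        print(f"[{hit['level']}] {hit['rule']}: user={hit['event']['SubjectUserName']}")
    print("keyword 'whoami':", len(search(SAMPLE_EVENTS, "whoami")), "event(s)")
    print(r"regex '-w\s+hidden':", len(search(SAMPLE_EVENTS, r"-w\s+hidden", regex=True)), "event(s)")
```

The filter models the exclusion half of a Sigma `selection and not filter` condition: an event from the allow-listed account would satisfy the selection yet produce no hit, which is the usual way rule authors suppress a known-benign source without weakening the detection for everyone else.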

Available for free download.

https://github.com/WithSecureLabs/chainsaw

This tool runs on Windows, Linux and macOS.

Fast search and retrieval of evidence from forensic artefacts.


Author: Emma

An experienced news writer, focusing on in-depth reporting and analysis in the fields of economics, military, technology, and warfare. With over 20 years of rich experience in news reporting and editing, he has set foot in various global hotspots and witnessed many major events firsthand. His works have been widely acclaimed and have won numerous awards.
