chainsaw

Rapidly search and hunt through Windows forensic artifacts


About

Rapidly search and hunt through Windows forensic artefacts. Chainsaw (WithSecure Labs) parses EVTX event logs and related artefacts and runs detection rules over them, both its own rule format and Sigma rules via a mapping file, so a responder can triage a log set in seconds rather than clicking through Event Viewer.

Commands

chainsaw

Examples

Search an event log for process creation events (Security event ID 4688) with a Tau expression and write the matches as JSON (use -i 'string' instead of -t for a case-insensitive string search)
$ chainsaw search -t 'Event.System.EventID: =4688' /path/to/eventlog.evtx --json -o output.json

Hunt for lateral movement indicators across a directory of event logs using a directory of Chainsaw rules (the rules path is positional; Sigma rules go through -s with a -m mapping file), writing the detections as JSON
$ chainsaw hunt rules/ /path/to/logs/ --json -o results.json

Dump a Windows Event Log as parsed, human-readable records and show the first 50 lines
$ chainsaw dump /path/to/Security.evtx | head -50
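The hunt example above leaves you with a results.json that can hold thousands of detections. The script below is an added example, not part of the chainsaw project, that triages such a file: it flattens aggregate detections to one row per matched document, ranks rows by severity and time, and counts hits per rule and per host. The field layout it expects (top-level "kind" of "individual" or "aggregate", a "document" or "documents" entry with "path" and "data", plus "name", "level", "source", "timestamp") is an assumption about recent chainsaw versions; the sample input is constructed here, so compare the field names against your own results.json before relying on the script.

```python
"""Triage chainsaw `hunt --json` output: rank by severity, count by rule and host."""
import json
import sys
from collections import Counter

# Severity order used for ranking; levels not listed here sort last.
LEVEL_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

# Constructed sample in the assumed shape of `chainsaw hunt --json` output.
SAMPLE_RESULTS = json.dumps([
    {
        "group": "Sigma", "kind": "individual",
        "document": {"kind": "evtx", "path": "logs/WS01/Security.evtx",
                     "data": {"Event": {"System": {"EventID": 4688, "Computer": "WS01"},
                                        "EventData": {"NewProcessName": "C:\\Windows\\System32\\cmd.exe",
                                                      "ParentProcessName": "C:\\Windows\\System32\\wscript.exe"}}}},
        "name": "Suspicious Script Host Child Process", "timestamp": "2024-03-01T10:15:02.000000",
        "authors": ["constructed"], "level": "high", "source": "sigma", "status": "test",
        "tags": ["attack.execution"],
    },
    {
        "group": "Sigma", "kind": "individual",
        "document": {"kind": "evtx", "path": "logs/WS01/Security.evtx",
                     "data": {"Event": {"System": {"EventID": 4688, "Computer": "WS01"},
                                        "EventData": {"CommandLine": "mimikatz.exe privilege::debug"}}}},
        "name": "Mimikatz Use", "timestamp": "2024-03-01T10:20:44.000000",
        "authors": ["constructed"], "level": "critical", "source": "sigma", "status": "stable",
        "tags": ["attack.credential_access"],
    },
    {
        "group": "Account Tampering", "kind": "aggregate",
        "documents": [
            {"kind": "evtx", "path": "logs/DC01/Security.evtx",
             "data": {"Event": {"System": {"EventID": 4625, "Computer": "DC01"},
                                "EventData": {"TargetUserName": "svc_backup"}}}},
            {"kind": "evtx", "path": "logs/DC01/Security.evtx",
             "data": {"Event": {"System": {"EventID": 4625, "Computer": "DC01"},
                                "EventData": {"TargetUserName": "administrator"}}}},
        ],
        "name": "Multiple Failed Logons", "timestamp": "2024-03-01T09:58:10.000000",
        "authors": ["constructed"], "level": "medium", "source": "chainsaw", "status": "stable",
        "tags": ["attack.credential_access"],
    },
])


def load_detections(text):
    """Parse hunt JSON and flatten each detection to one row per matched document."""
    rows = []
    for det in json.loads(text):
        # Aggregate rules (e.g. "N failed logons") carry several documents; individual ones carry one.
        docs = det.get("documents", []) if det.get("kind") == "aggregate" else [det.get("document", {})]
        for doc in docs:
            system = doc.get("data", {}).get("Event", {}).get("System", {})
            rows.append({
                "name": det.get("name", ""),
                "level": det.get("level", "info"),
                "source": det.get("source", ""),
                "timestamp": det.get("timestamp", ""),
                "computer": system.get("Computer", ""),
                "event_id": system.get("EventID"),
                "path": doc.get("path", ""),
            })
    return rows


def rank(rows):
    """Most severe first, then chronological, so the top of the list is what to look at first."""
    return sorted(rows, key=lambda r: (LEVEL_RANK.get(r["level"], 99), r["timestamp"]))


def summarise(rows):
    """Return (hits per (level, rule), hits per host) counters for a quick overview."""
    by_rule = Counter((r["level"], r["name"]) for r in rows)
    by_host = Counter(r["computer"] for r in rows)
    return by_rule, by_host


if __name__ == "__main__":
    # Usage: python triage.py results.json  (falls back to the constructed sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_RESULTS
    ranked = rank(load_detections(text))
    by_rule, by_host = summarise(ranked)
    for (level, name), n in by_rule.most_common():
        print(f"{level:<9} {n:>5}  {name}")
    print("hosts:", dict(by_host))
    for r in ranked:
        print(f"{r['timestamp']}  {r['level']:<8} {r['computer']:<6} {r['event_id']}  {r['name']}")
```

Run it against the JSON written by the hunt example (or with no argument to see it work on the embedded sample). Sorting by severity before time is deliberate: a single critical hit buried among hundreds of medium aggregate rows is the one to pull first.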