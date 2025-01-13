Chainsaw is an open-source first-response tool for quickly detecting threats in Windows forensic artefacts, including Event Logs and the MFT file. It enables fast keyword searches through event logs and identifies threats using built-in Sigma detection and custom detection rules.

Chainsaw features

Hunt for threats using Sigma detection rules and custom detection rules

Search and extract forensic artefacts by string matching and regex patterns

Create execution timelines by analysing Shimcache artefacts and enriching them with Amcache data

Analyse the SRUM database and provide insights about it

Dump the raw content of forensic artefacts (MFT, registry hives, ESE databases)

Lightning fast, written in Rust, wrapping the EVTX parser library

Clean and lightweight execution and output formats without unnecessary bloat

Document tagging (detection logic matching) provided by the TAU Engine Library

Output results in a variety of formats, such as ASCII table format, CSV format, and JSON format

Chainsaw is available for free download on GitHub. The tool can be run on Linux, macOS and Windows.
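As an added example (not code from the page or from the Chainsaw project), a small Python triage script for the JSON output the feature list mentions: it takes a Chainsaw hunt export, counts hits per detection rule and severity level, and lists which hosts each rule fired on, so a responder can see the highest-severity rules first. The record layout it reads (`name`, `level`, `group`, and the computer name under `document.data.Event.System.Computer`) and the embedded sample records are assumptions constructed for illustration, not captured tool output.

```python
import json
from collections import Counter, defaultdict

# Constructed sample in the assumed shape of a Chainsaw hunt JSON export.
# Field names are an assumption for illustration, not real captured output.
SAMPLE_JSON = """
[
  {"group": "Sigma", "name": "Suspicious PowerShell Download", "level": "high",
   "timestamp": "2025-01-10T09:12:44Z",
   "document": {"kind": "evtx", "path": "ws01/Security.evtx",
                "data": {"Event": {"System": {"Computer": "WS01", "EventID": 4104}}}}},
  {"group": "Sigma", "name": "Suspicious PowerShell Download", "level": "high",
   "timestamp": "2025-01-10T09:13:02Z",
   "document": {"kind": "evtx", "path": "ws02/Security.evtx",
                "data": {"Event": {"System": {"Computer": "WS02", "EventID": 4104}}}}},
  {"group": "Custom", "name": "Service Installed", "level": "medium",
   "timestamp": "2025-01-10T09:15:00Z",
   "document": {"kind": "evtx", "path": "ws01/System.evtx",
                "data": {"Event": {"System": {"Computer": "WS01", "EventID": 7045}}}}}
]
"""

# Sort order for severity levels: lower number means more urgent.
LEVEL_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "informational": 4}

def host_of(hit):
    """Pull the computer name out of the nested event document, if present."""
    doc = hit.get("document") or {}
    system = doc.get("data", {}).get("Event", {}).get("System", {})
    return system.get("Computer", "unknown")

def summarise(hits):
    """Group detections by (rule name, level) and record the hosts each rule hit."""
    counts = Counter()
    hosts = defaultdict(set)
    for hit in hits:
        key = (hit.get("name", "?"), hit.get("level", "informational"))
        counts[key] += 1
        hosts[key].add(host_of(hit))
    rows = [{"rule": name, "level": level, "hits": n, "hosts": sorted(hosts[(name, level)])}
            for (name, level), n in counts.items()]
    # Highest severity first, then the rules with the most hits.
    rows.sort(key=lambda r: (LEVEL_ORDER.get(r["level"], 99), -r["hits"]))
    return rows

def summarise_json(text):
    """Parse a hunt export (JSON array of hits) and return the sorted summary rows."""
    return summarise(json.loads(text))

if __name__ == "__main__":
    for row in summarise_json(SAMPLE_JSON):
        print(f'{row["level"]:<8} {row["hits"]:>3}  {row["rule"]}  hosts={",".join(row["hosts"])}')
```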

