Skip to content
/ dfir Public

Collection of popular DFIR tools in a lightweight and fast docker image

License

GPL-2.0 license
9 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nov3mb3r/dfir

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

dfir

Collection of the most popular and widely used open-source forensic tools in a lightweight and fast docker image.

Overview

Focus what on what matters the most! Memory (volatility), registry (regripper), filesystem (sleuthkit).

Volatility comes with extra community plugins to speed up your investigations.

The Docker image is based on Alpine Linux, the most lightweight linux container distribution. Kudos to the SANS team, providing some of the tools

Install Docker

Wait! It's dangerous to go alone!

Make sure you have the Docker engine installed. Click here for detailed installation instructions.

Build from Docker registry (Recommended)

Just :

sudo docker pull nov3mb3r/dfir

Simple isn't it?

Run

To deploy a container from the created image :

sudo docker run -it nov3mb3r/dfir /bin/ash

Access your case files with a shared folder between your working directory and the container.

Make sure you don't spoil your evidence files, by granting read-only permissions to the container.
$ sudo docker run -it -v ~/cases:/cases:ro nov3mb3r/dfir /bin/ash

About

Collection of popular DFIR tools in a lightweight and fast docker image

Topics

docker forensics memory-analysis volatility sleuthkit registry-analysis disk-analysis

Resources

Readme

License

GPL-2.0 license
Activity

Stars

9 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages