SHOP DFIR Gear

All proceeds from DFIR Merchandise go to Girls Who Code.

SANS DFIR Training

SANS DFIR courses will teach you how to detect compromised systems, identify how and when a breach occurred, understand what attackers took or changed, and successfully contain and remediate incidents.

SIFT Workstation

SIFT Workstation is available to the digital forensics and incident response community as a public service. SIFT features powerful, cutting-edge open-source tools that are freely available and frequently updated, and that can match any modern DFIR tool suite.

REMnux

REMnux® is a free Linux toolkit for assisting malware analysts with reverse-engineering malicious software. It strives to make it easier for forensic investigators and incident responders to start using the variety of freely available tools that can examine malware, yet might be difficult to locate or set up.


SOF-ELK

The SOF-ELK platform is a customized build of the open source ELK stack, consisting of the Elasticsearch storage and search engine, Logstash ingestion and enrichment component, and the Kibana dashboard frontend.

EZ Tools

Incident responders are on the front lines of intrusion investigations. Eric Zimmerman's Tools (EZ Tools) aim to support DFIR analysts in their quest to uncover the truth.