Fastfinder

Forensics & Incident Response

A lightweight incident response tool for threat hunting, forensic triage, and rapid suspicious file discovery on Windows and Linux

Go · Latest 3.6.0 · 4mo ago

Features

  • Path‑based detection via pattern matching of file paths and names
  • Hash verification supporting MD5, SHA1, and SHA256 checksums
  • Content analysis with simple string grep and advanced YARA rule evaluation
  • Native support for both Windows and Linux platforms

Recent releases

3.6.0 New feature
Notable features
  • Memory scan capability
  • Cross-architecture compilation (x86/x64/arm)
  • YAML configuration verifier
Full changelog

What's Changed

Features

  • Memory scan capability
  • Cross-architecture compilation (x86/x64/arm)
  • YAML configuration verifier
  • Folder scanning limited to the paths selected in the configuration when there are no regex/wildcard directories
  • Enhanced logging and log forwarding

Bugs and stability

  • Better unit testing
  • Fix some path enumeration issues
  • Fix a regression with INIT log not showing on console with some configuration attributes disabled
  • Code refactoring
3.0.0 Breaking risk
Breaking changes
  • Minimum required Go version raised to 1.24
  • Minimum required YARA version raised to 4.5.5
Notable features
  • 30% faster file scan using parallel jobs
  • New GitHub Actions workflow .github/workflows/docker_build.yml for Docker-based multi‑platform builds and tests (Linux & Windows)
  • Documentation overhaul: new README.linux-compilation.md with step‑by‑step Linux compilation guide and major updates to README.md including Docker instructions
Full changelog

Performance improvements
30% faster file scan with parallel jobs

Build Automation & CI Improvements

  • Added a new GitHub Actions workflow .github/workflows/docker_build.yml to automate Docker-based multi-platform builds and tests, including builder, runtime, and docker-compose validation for both Linux and Windows targets.
  • Updated go_build_linux.yml and go_build_windows.yml workflows to use Go 1.24, install YARA v4.5.5, and run unit tests during CI, ensuring modern build environments and improved reliability.

Documentation Overhaul

  • Completely rewrote README.linux-compilation.md with a detailed, step-by-step guide for compiling FastFinder on Linux, including prerequisites, YARA build instructions, CGO configuration, troubleshooting, and Fedora-specific workarounds.
  • Major update to README.md with clearer project overview, platform badges, installation instructions (including Docker and source builds), improved usage documentation, and screenshots for better onboarding.

Platform Support & Dependency Updates

  • Upgraded minimum required Go version to 1.24 and YARA to 4.5.5 across all build scripts and documentation, ensuring compatibility with modern systems and improved performance.

Testing Enhancements

  • Added explicit unit test steps to CI workflows for both Linux and Windows, improving code quality and catching platform-specific issues early.

Docker & Cross-Platform Build Improvements

  • Provided Docker-based build and runtime instructions in documentation and CI, enabling users to build and run FastFinder without installing any dependencies directly, greatly simplifying setup for all platforms.

About

Stars: 255
Forks: 28
Languages: Go, PowerShell, Shell

Install & Platforms

Install via: binary, docker
Platforms: windows, linux