Chainsaw

Forensics & Incident Response

A fast Rust-based tool for rapidly searching Windows forensic artefacts like Event Logs and extracting insights using Sigma or custom detection rules

Track releases GitHub

Rust Latest v2.16.0 · 25d ago Security brief →

Features

Hunt threats with Sigma and custom Chainsaw detection rules
Search event logs via keyword, regex, and string matching
Create execution timelines from Shimcache and Amcache data
Analyse SRUM database for usage insights
Dump raw forensic artefacts (MFT, registry hives, ESE databases)
Lightning‑fast performance thanks to Rust implementation

Recent releases

View all 4 releases →

v2.16.0 New feature 25d

Notable features

Adds an EVTX summary command

Full changelog

This release contains the following changes of note:

Adds an EVTX summary command (https://github.com/WithSecureLabs/chainsaw/pull/231)
Brings in some fixes from the MFT library (https://github.com/WithSecureLabs/chainsaw/issues/211)

View release on GitHub

v2.15.0 New feature 1mo

Notable features

Gap analysis to detect potential gaps in event logs

Full changelog

This release contains the following changes of note:

A new type of analysis, gap analysis which will look for potential gaps in event logs, thanks to @Fuzzdkk (#228).
Bumps dependencies.

View release on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Releases

View all →

Releases per month

Cadence 0.2 / wk

Last release 25d

Tracked 4

Security

Full profile →

Security score 7.8/10

OpenSSF —

Open CVEs 0

Active maintainer

Community

GitHub stars 3,558

Forks 299

Open issues 4

Open PRs 0

Stars/wk velocity 0.0

About

Stars

3,558

Forks

299

Languages

Rust Nix

View on GitHub

Install & Platforms

Platforms

linux macos windows

Similar tools

WELA

VAST

NullSec LogReaper

Hayabusa

GlobaLeaks