DFIR ORC

Forensics & Incident Response

DFIR ORC is a collection of specialized tools dedicated to reliably parse and collect critical artifacts such as the MFT, registry hives or event logs. DFIR ORC collects data, but does not analyze it: it is not meant to triage machines. It provides a forensically relevant snapshot of machines running Microsoft Windows. The code can be found on GitHub.

Track releases GitHub Website

C++ Latest v10.3.1 · 2d ago Security brief →

Recent releases

View all 2 releases →

No immediate action

v10.3.1 Bugfix 2d

Memory usage fix

Open

Review required

v10.3.0 Breaking risk 2mo

Auth Dependencies

OrcCapsule, WolfLauncher multi-instance, ToolEmbed /embed

Open

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Releases

View all →

Releases per week

Apr 17

Apr 24

May 1

May 8

May 15

May 22

May 29

Jun 5

Jun 12

Cadence 0.2 / wk

Last release 2d

Tracked 2

Community

GitHub stars 439

Forks 49

Contributors 90d 2

Open issues 10

Open PRs 1

Stars/wk velocity 0.0

About

Stars

439

Forks

Languages

C++ CMake PowerShell

View on GitHub Homepage Documentation

Install & Platforms

Install via

winget

Platforms

windows

Similar tools

NullSec LogReaper

WELA

Dissect

Acquire

grr