Release history

DFIR ORC releases

DFIR ORC is a collection of specialized tools dedicated to reliably parsing and collecting critical artifacts such as the MFT, registry hives or event logs. DFIR ORC collects data, but does not analyze it: it is not meant to triage machines. It provides a forensically relevant snapshot of machines running Microsoft Windows. The code can be found on GitHub.

All releases


No immediate action
v10.3.1 Bugfix

Memory usage fix

Review required
v10.3.0 Breaking risk
Auth Dependencies

OrcCapsule, WolfLauncher multi-instance, ToolEmbed /embed
