View Issue Details

IDProjectCategoryView StatusLast Update
0007550Kali LinuxQueued Tool Additionpublic2023-03-27 11:32
Reporterdoublezero Assigned To 
Status acknowledgedResolutionopen 
Summary0007550: Chainsaw - Windows Event Log Parser (DFIR)

Name - Chainsaw
Version - Latest
Homepage -
Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and by identifying threats using built-in detection logic and via support for Sigma detection rules.

Install -
You can find pre-compiled versions of chainsaw in the releases section of this Github repo, or you can clone the repo (and the submodules) by running: git clone --recurse-submodules

You can then compile the code yourself by running: cargo build --release. Once the build has finished, you will find a copy of the compiled binary in the target/release folder.

Make sure to build with the --release flag as this will ensure significantly faster execution time.




2022-03-25 13:40

administrator   ~0015937

@kali-team, please could this be packaged up.
@author, If you want to help the packaging process, you can check the documentation here ~

Issue History

Date Modified Username Field Change
2022-01-29 01:56 doublezero New Issue
2022-03-25 13:40 g0tmi1k Note Added: 0015937
2022-03-25 13:40 g0tmi1k Category New Tool Requests => Queued Tool Addition
2022-05-04 12:54 g0tmi1k Status new => acknowledged