Collection of the most popular and widely used open-source forensic tools in a lightweight and fast docker image.
Focus on what matters most! Memory (volatility), registry (regripper), filesystem (sleuthkit).
Volatility comes with SANS plugins to help you speed up your investigations.
Wait! It's dangerous to go alone!
Make sure you have the Docker engine installed. Click here for detailed installation instructions.
Build the image in one of the following ways:
Build from Docker registry (Recommended)
sudo docker pull nov3mb3r/dfir
Simple, isn't it?
To run the created image:
sudo docker run -it nov3mb3r/dfir /bin/ash
Access your case files with a shared folder between your working directory and the container.
Preserve the authenticity of your evidence: make sure you don't tamper with the data by granting the container read-only access to the shared folder.
sudo docker run -it -v ~/cases:/cases:ro nov3mb3r/dfir /bin/ash