Chainsaw Versions

Rapidly Search and Hunt through Windows Forensic Artefacts

v2.9.0

2 weeks ago

This release contains the following changes of note:

  • More native rules
  • Ability to change default conditional when searching
  • Fix for setting of timezones

v2.8.1

5 months ago

This release contains the following changes of note:

  • Fixes and tweaks for SRUM
  • Updated dependencies

v2.8.0

6 months ago

This release contains the following changes of note:

  • Support for parsing ESE databases and analysing SRUM databases
  • New Chainsaw rules
  • Full output support for aggregations

v2.7.3

8 months ago

This release contains the following changes of note:

  • New Chainsaw rules
  • Fixing JSONL outputting issues for dump and search
  • Updated dependencies

v2.7.2

9 months ago

This release contains the following changes of note:

  • More optimisations
  • Fix some issues with -t arguments

v2.7.1

9 months ago

This release contains the following changes of note:

  • Fix mutually exclusive command-line options: -c can only be used with --jsonl
  • Error if caching file cannot be created
  • Make sure the thread count is respected everywhere
  • Better handling of Sigma rules (warn on unknown modifiers, and support base64 conversions)
  • Additional optimisations to JSONL output

v2.7.0

9 months ago

This release contains the following changes of note:

  • Add cache to disk support for JSONL output
  • Add file path to CSV output
  • Fix for newline output issue in tabular output
  • Rule loading warnings should highlight output as a warning
  • Tweaks and improvements to mappings and rules

v2.6.2

11 months ago

This release contains the following changes of note:

  • Adds array indexing support to key identifiers (tau-engine), which also fixes some chainsaw rules...

v2.6.1

11 months ago

This release contains the following changes of note:

  • Fix hunts not running on .jsonl files
  • Bring in some false positive reduction for the default Sigma rules mapping file

v2.6.0

1 year ago

This release contains the following changes of note:

  • A new feature for creating execution timelines using shimcache artifacts with optional amcache enrichment
  • Added functionality to parse Windows registry hive files
  • Fixed a missing check to make sure that the path is not a file when using CSV output, to prevent wasting time
  • Upgraded to the new Tau engine that has full support for floats