The DFIR thing

The DFIR... what? For the last couple of years I have tinkered with a docker-compose configuration for launching a DFIR investigation system. The original one was created with four components:

ELK – ingesting all the data, with all the visualisations
PLASO – parse all the Windows evidence
Chainsaw – parse evtx logs
Hayabusa – parse...