Skip to content

dfirvault/ForensIQ

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
ForensIQ.py
ForensIQ.py
 
 
ForensIQLauncher.bat
ForensIQLauncher.bat
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

1513a619-6193-4a40-ae8d-f9019696df76 (1)

ForensIQ

ForensIQ is a fast, accurate, and modern digital forensics automation tool designed for incident responders, DFIR analysts, and cybersecurity investigators. This redesigned version focuses on speed, accuracy, and improved usability while maintaining powerful forensic capabilities. This tool requires an Ollama service running locally or on a computer that your Windows computer can connect to. Installing Ollama is very simple and easy. For this tool, just input the IP of the device that runs your Ollama LLM (local or remote).

🚀 Features

  • Faster Analysis: Optimized for speed to process large datasets efficiently.
  • Accurate Investigations: Enhanced detection and parsing for forensic artifacts.
  • Multi-Format Support: Handles multiple file types and system logs seamlessly.
  • Command-Line Friendly: Fully scriptable for automation and integration into workflows.
  • Detailed Reporting: Generates structured outputs for easy review and incident documentation.
  • Intuitive Logging: Logs actions, errors, and results for audit and troubleshooting.
  • Extensible: Modular design allows adding new parsing modules and data sources.

🛠 Installation

  1. Clone the repository:
git clone https://github.com/dfirvault/ForensIQ.git
cd ForensIQ
  1. Install dependencies:
pip install --upgrade langchain langchain-community langchain-ollama langchain-huggingface sentence-transformers chromadb pandas streamlit python-evtx

or launch the batch script: https://github.com/dfirvault/ForensIQ/blob/main/ForensIQLauncher.bat

  1. Run the tool:
python streamlit run Forensiq.py

or launch the batch script: https://github.com/dfirvault/ForensIQ/blob/main/ForensIQLauncher.bat

⚡ Usage

supports single or multiple files, or you can point it to a local folder where it will automatically identify and queue all available logs.

image

📝 Output

  • JSON Reports: Structured forensic data.
  • CSV Summaries: Quick overview of findings.
  • Logs: Detailed logging for reproducibility and audits.

🔧 Requirements

  • Python 3.11+
  • pip package manager
  • Supported only on Windows (Sorry *nix users)

📂 Supported Platforms

  • Windows

🌐 Contributing

Contributions are welcome! Please follow these steps:

  1. Fork the repository.
  2. Create a new branch (git checkout -b feature-name).
  3. Make your changes.
  4. Submit a pull request.

📄 License

This project is licensed under the MIT License. See the LICENSE file for details.

📬 Contact

For support or inquiries, please open an issue on GitHub or contact the maintainer at [[email protected]].

About

A DFIR Incident Response AI bot using local Ollama LLM to derrive automated findings from logs

dfirvault.com

Topics

incident-response dfir digital-forensics triage live-response windows-forensics forensics-tools llm ollama dfirvault ir-tools dfir-ai dfir-llm

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 3

v0.3 Latest
Nov 6, 2025
+ 2 releases

Packages

No packages published

Languages