Targeted Function Tool
Log Parsing/Analysis
  • $MFT
  • Amcache
  • Registry
  • Shim
  • SRUM

Chainsaw provides a powerful ‘first-response’ capability to quickly identify threats within Windows forensic artefacts such as Event Logs and the MFT file. It offers a generic and fast method of searching through event logs for keywords, and of identifying threats using its built-in support for Sigma detection rules and custom Chainsaw detection rules.