
Chainsaw vs Fibratus

GitHub Stats

                Chainsaw    Fibratus
Stars           3.5k        2.4k
Forks           297         208
Issues          10          40
Updated         today       today
License         GPL-3.0     -
Language        Rust        Go

About Chainsaw

Chainsaw is a tool for rapid forensic analysis of Windows artifacts such as event logs, the Master File Table (MFT), and Shimcache, leveraging Sigma rules. Developed in Rust, it provides efficient searching and threat hunting capabilities by parsing logs and artifacts to identify potential security incidents. Chainsaw is notable for its speed and for automating complex forensic tasks, helping analysts detect and respond to threats quickly.

About Fibratus

Fibratus is a tool for exploration and tracing of the Windows kernel via Event Tracing for Windows (ETW). It captures process creation/termination, thread activity, file system operations, registry modifications, network connections, DLL loads, and driver events in real-time. Fibratus includes a rule engine for detecting suspicious behavior patterns (fileless malware indicators, persistence mechanisms, credential access). Events can be filtered with a powerful expression language and forwarded to Elasticsearch, AMQP, or console output. It provides deep kernel-level visibility for threat hunting, incident response, and understanding system behavior during malware detonation.

Platform Support

๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows
๐ŸชŸwindows

Tags

Shared

windows-forensics, threat-hunting

Chainsaw only

event-logs, sigma-rules

Fibratus only

etw, kernel-tracing, event-monitoring