ENNAENNA

Fibratus

๐Ÿ”ฌ Digital Forensics ยท Go

Fibratus is a tool for exploration and tracing of the Windows kernel via Event Tracing for Windows (ETW). It captures process creation/termination, thread activity, file system operations, registry modifications, network connections, DLL loads, and driver events in real-time. Fibratus includes a rule engine for detecting suspicious behavior patterns (fileless malware indicators, persistence mechanisms, credential access). Events can be filtered with a powerful expression language and forwarded to Elasticsearch, AMQP, or console output. It provides deep kernel-level visibility for threat hunting, incident response, and understanding system behavior during malware detonation.

2.4kstars
208forks
40issues
Updated today
+I use this
View on GitHubOfficial Website

Installation

$ choco install fibratus

Use Cases

  • Real-time Windows kernel event monitoring
  • Threat hunting via behavioral detection rules
  • Incident response process and file activity tracing
  • Malware analysis with kernel-level visibility

Tags

etwkernel-tracingwindows-forensicsthreat-huntingevent-monitoringadversaryblueteamedrgolanginstrumentationmitrepythonsecuritywindowswindows-kernel

Details

Category
๐Ÿ”ฌ Digital Forensics
Language
Go
Platforms
๐ŸชŸwindows

Links

GitHub Repository

github.com/rabbitstack/fibratus

Official Website

www.fibratus.io

Releases

github.com/rabbitstack/fibratus/releases

Issues

github.com/rabbitstack/fibratus/issues

Sponsored

Your ad here

Reach security professionals and developers - ads@en-na.com

Community Reviews

Alternatives & Comparisons

Velociraptor

Go

Endpoint visibility and collection tool. Hunt for artifacts across thousands of endpoints simultaneously.

Compare Fibratus vs Velociraptor

Chainsaw

Rust

Rapidly search and hunt through Windows forensic artifacts like event logs, MFT, and Shimcache using Sigma rules.

Compare Fibratus vs Chainsaw

Hayabusa

Rust

Windows event log fast forensics timeline generator and threat hunting tool with built-in Sigma rule support.

Compare Fibratus vs Hayabusa

osquery

C++

SQL-powered endpoint visibility. Query operating system state as a relational database for security monitoring and compliance.

Compare Fibratus vs osquery

More in Digital Forensics

Volatility 3

Python

Advanced memory forensics framework. Extracts artifacts from RAM dumps - processes, network connections, registry.

memoryram-dumpartifact-extraction

Autopsy

Java

Digital forensics platform with GUI. Disk image analysis, timeline analysis, keyword search, hash filtering.

disk-forensicsguitimeline

Ghidra

Java

NSA's reverse engineering framework. Disassembly, decompilation, graphing, and scripting for binary analysis.

reverse-engineeringdecompilerbinary-analysis

Binwalk

Python

Firmware analysis tool. Searches binary images for embedded files, executables, and file systems.

firmwarebinaryextraction

YARA

C

Pattern matching swiss knife for malware researchers. Create rules to identify and classify malware samples.

malwarepattern-matchingrules

Velociraptor

Go

Endpoint visibility and collection tool. Hunt for artifacts across thousands of endpoints simultaneously.

endpointhuntingdfir