Overview
Chronos-DFIR is a comprehensive forensic timeline explorer and Digital Forensics & Incident Response (DFIR) analysis platform. It ingests multi-format evidence from various sources, applies threat detection using Sigma and YARA rules, and renders interactive timelines with risk-scored intelligence.
Documentation
- Quick Start: Get up and running with Chronos-DFIR in minutes
- Installation: Install and configure Chronos-DFIR for your environment
- Evidence Ingestion: Learn how to ingest forensic artifacts and logs
- API Reference: Explore the complete API documentation
Key Features
Multi-Format Ingestion
Ingest EVTX, MFT, CSV, XLSX, JSON, Plist, and more with streaming support for 6GB+ files
Timeline Analysis
Interactive timeline visualization with intelligent time bucketing and anomaly detection
Threat Detection
Real-time detection with 86+ Sigma rules and 7 YARA rule sets covering MITRE ATT&CK
Advanced Exports
Export to PDF, HTML, CSV, XLSX, and JSON with forensic integrity preservation
Detection Capabilities
Sigma Rules
86+ detection rules covering all MITRE ATT&CK tactics
YARA Rules
7 rule sets for ransomware, C2, and malware detection
MITRE ATT&CK
Automatic TTP mapping and kill chain visualization
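The feature and detection sections above describe four stages of the pipeline: Sigma-rule matching over ingested events, ATT&CK tactic/technique mapping from rule tags, time-bucketed timeline counts with anomaly flagging, and an export that preserves record integrity. The following is an added, stand-alone example of those stages (it is not Chronos-DFIR's own code and does not use its API). It evaluates only a small subset of the Sigma specification (a `selection` block, an optional `filter` block, exact match plus the `contains`/`startswith`/`endswith` modifiers, and the conditions `selection` / `selection and not filter`); the sample events, the rule body, the field names and the "twice the median" anomaly heuristic are all assumptions made for illustration.

```python
"""Added example, not Chronos-DFIR code: a minimal Sigma-style detection
pass, ATT&CK tag mapping, hourly time bucketing and a hash-sealed export."""
import hashlib
import json
import re
import statistics
from collections import Counter
from datetime import datetime, timezone

# Constructed sample events (not real evidence). Fields mimic a normalized
# Windows process-creation record; one 4624 logon event is noise.
EVENTS = [
    {"ts": "2024-03-01T09:00:05Z", "EventID": 4688, "Image": "C:\\Windows\\explorer.exe", "CommandLine": "explorer.exe"},
    {"ts": "2024-03-01T09:12:41Z", "EventID": 4688, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami /all"},
    {"ts": "2024-03-01T09:13:02Z", "EventID": 4688, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c net user"},
    {"ts": "2024-03-01T09:13:30Z", "EventID": 4688, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c ipconfig /all"},
    {"ts": "2024-03-01T11:40:00Z", "EventID": 4688, "Image": "C:\\Program Files\\Git\\bin\\bash.exe", "CommandLine": "bash.exe -c whoami"},
    {"ts": "2024-03-01T14:05:10Z", "EventID": 4624, "Image": "", "CommandLine": ""},
]

# Hypothetical rule laid out like a Sigma detection block. Values in a list are
# OR-ed, keys in a block are AND-ed; only the subset handled below is supported.
RULE = {
    "title": "Local account discovery via command shell",
    "tags": ["attack.discovery", "attack.t1033", "attack.t1087.001"],
    "detection": {
        "selection": {"EventID": 4688, "CommandLine|contains": ["whoami", "net user"]},
        "filter": {"Image|endswith": "\\bash.exe"},
        "condition": "selection and not filter",
    },
}

TECHNIQUE_TAG = re.compile(r"attack\.(t\d{4}(?:\.\d{3})?)")


def _field_matches(event, key, expected):
    """One `field|modifier: value(s)` entry; string comparison is case-insensitive."""
    field, _, modifier = key.partition("|")
    actual = event.get(field)
    for value in expected if isinstance(expected, list) else [expected]:
        if modifier == "":
            if actual == value:
                return True
        elif actual is not None:
            a, s = str(actual).lower(), str(value).lower()
            if (modifier == "contains" and s in a) or (modifier == "startswith" and a.startswith(s)) \
                    or (modifier == "endswith" and a.endswith(s)):
                return True
    return False


def _block_matches(event, block):
    return all(_field_matches(event, k, v) for k, v in block.items())


def rule_matches(rule, event):
    det, cond = rule["detection"], rule["detection"]["condition"]
    if cond == "selection":
        return _block_matches(event, det["selection"])
    if cond == "selection and not filter":
        return _block_matches(event, det["selection"]) and not _block_matches(event, det["filter"])
    raise ValueError(f"unsupported condition: {cond!r}")


def attack_mapping(rule):
    """Split Sigma `attack.*` tags into tactic names and technique IDs."""
    tactics, techniques = [], []
    for tag in rule.get("tags", []):
        m = TECHNIQUE_TAG.fullmatch(tag)
        if m:
            techniques.append(m.group(1).upper())
        elif tag.startswith("attack."):
            tactics.append(tag[len("attack."):])
    return tactics, techniques


def _canonical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def run_rule(rule, events):
    """Return hit records; each carries a SHA-256 of the original event so later
    edits to an exported record are detectable."""
    tactics, techniques = attack_mapping(rule)
    return [{"ts": ev["ts"], "event": ev, "rule": rule["title"], "tactics": tactics,
             "techniques": techniques, "record_sha256": hashlib.sha256(_canonical(ev)).hexdigest()}
            for ev in events if rule_matches(rule, ev)]


def bucket_counts(events, bucket_seconds=3600):
    """Count events per fixed-width UTC bucket, keyed by the bucket start time."""
    counts = Counter()
    for ev in events:
        t = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        start = int(t.timestamp()) // bucket_seconds * bucket_seconds
        counts[datetime.fromtimestamp(start, timezone.utc).isoformat()] += 1
    return dict(sorted(counts.items()))


def flag_anomalies(counts, factor=2.0):
    """Naive heuristic (an assumption, not the product's algorithm): flag buckets
    holding more than `factor` times the median count of non-empty buckets."""
    if len(counts) < 3:
        return []
    median = statistics.median(counts.values())
    return [bucket for bucket, n in counts.items() if n > factor * median]


def export_json(hits, timeline, anomalies):
    """Seal the export body with a SHA-256 over its canonical JSON form."""
    body = {"hits": hits, "timeline": timeline, "anomalies": anomalies}
    return {"body": body, "sha256": hashlib.sha256(_canonical(body)).hexdigest()}


def verify_export(export):
    return hashlib.sha256(_canonical(export["body"])).hexdigest() == export["sha256"]


if __name__ == "__main__":
    hits = run_rule(RULE, EVENTS)
    timeline = bucket_counts(EVENTS)
    export = export_json(hits, timeline, flag_anomalies(timeline))
    print(json.dumps(export, indent=2))
    print("integrity ok:", verify_export(export))
```

The `bash.exe` event is selected by the rule but removed by the `filter` block, which is how Sigma rules express known-benign exclusions; the export's top-level digest and the per-record `record_sha256` let a reviewer confirm that neither the hit list nor any individual event was altered after the run.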
Architecture
Built with a modern, high-performance stack:
- Backend: Python 3.12+ with FastAPI and uvicorn
- Data Engine: Polars vectorized processing with PyArrow
- Frontend: Tabulator.js with virtual DOM and Chart.js visualization
- Detection: Sigma YAML and YARA rules with offline-first processing
Learn More About Architecture
Dive deep into the technical architecture and design decisions