FastIR Collector
Collects Windows forensic artifacts to detect early system compromises through analysis of live data.
What is FastIR Collector?
FastIR Collector is a Windows live forensics tool that collects system artifacts from running machines and records them in CSV or JSON files. It helps security analysts detect early system compromises by analyzing artifacts like registry entries, memory contents, filesystem data, and network information. The tool organizes collection into modular packages for targeted investigations.
Security analysts, incident responders, and forensic investigators who need to collect evidence from Windows systems during live investigations. It's particularly valuable for teams monitoring for advanced threats and compromise indicators.
Developers choose FastIR Collector for its comprehensive Windows artifact collection capabilities, modular package system, and ability to output structured data ready for analysis. It provides a focused alternative to broader forensic suites by specializing in early compromise detection through systematic artifact gathering.
Overview
FastIR Collector is a Windows live forensics tool that gathers system artifacts and records them in CSV or JSON files for analysis. It enables security professionals to detect early signs of compromise by examining various system components and user activities.
Key Features
- Artifact Collection — Extracts forensic data from filesystem, registry, memory, network, and system health components
- Modular Packages — Organized collection modules (fs, health, registry, memory, dump, FileCatcher) for targeted investigations
- Custom Profiles — Allows creation of custom extraction profiles to focus on specific artifacts
- Multiple Output Formats — Supports CSV and JSON outputs for compatibility with analysis tools
- FileCatcher Module — Includes Yara rules and mime-type filtering for targeted file collection
- System Dumps — Capability to capture MFT, RAM, disk, registry, and SAM dumps for deep analysis
Philosophy
FastIR Collector was designed to provide a comprehensive, modular approach to Windows live forensics, enabling security teams to quickly gather evidence and identify compromise indicators before attackers can cover their tracks.
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
