chainsaw
Description:
Rapidly Search and Hunt through Windows Forensic Artefacts
Type: Formula  |  Latest Version: 2.13.1@0  |  Tracked Since: Dec 17, 2025
Links: Homepage  |  formulae.brew.sh
Category: Security
Tags: forensics windows security threat-hunting analysis
Install: brew install chainsaw
About:
Chainsaw is a command-line forensic analysis tool designed to rapidly search and hunt through Windows forensic artefacts. It provides a simplified query syntax to filter and analyze EVTX logs, registry hives, and other data sources. The tool's main value proposition is its speed and ability to quickly identify malicious activity or anomalies in large datasets.
Key Features:
  • Fast, pattern-based searching across EVTX and registry files
  • Simplified query syntax that doesn't require complex KQL or regex knowledge
  • Built-in detection rules for common threats and attacker techniques
  • Structured output for easy parsing and reporting
Use Cases:
  • Incident response triage to quickly identify compromised Windows endpoints
  • Threat hunting to search for specific indicators of compromise (IOCs) or TTPs
  • Forensic analysis of disk images or live system artefacts
Alternatives:
  • PowerShell – More flexible for scripting but slower and more verbose for complex log analysis
  • Elastic Stack (ELK) – More powerful for long-term aggregation and visualization but requires significant setup and resources
License: GPL-3.0-only
Bottles available for: arm64_tahoe, arm64_sequoia, arm64_sonoma, sonoma, arm64_linux, x86_64_linux
Version History
Detected Version Rev Change Commit
Oct 4, 2025 10:51am 0 VERSION_BUMP 0a615947
Sep 13, 2025 7:58am 0 VERSION_BUMP 382fed7f
Dec 28, 2024 7:53pm 0 VERSION_BUMP cca3993c
Dec 22, 2024 9:43am 0 VERSION_BUMP 35d9d1f1
Oct 27, 2024 6:28pm 0 VERSION_BUMP 8168312c