Streamline Malware Hash Search with FOSSOR
We’ve all encountered this scenario: you’re reading a threat report from CISA or Microsoft and come across hashes related to a malware infection. You start copying these hashes and head to one of your favorite virus repositories to check if there’s a source available for download so you can analyze the malware yourself. Unfortunately, you…
Enhancing Malware Analysis with REMnux and AI
Those familiar with my work know that I’m a big fan of the REMnux Linux distribution for malware analysis. When I developed MalChela, I included a custom configuration that, when invoked, not only includes the MalChela tool suite but also integrates many of the CLI tools installed in REMnux, providing an easy-to-use GUI.…
2025 Year in Review: Open Source DFIR Tools and Malware Analysis Projects
In 2025, significant advancements in DFIR toolkit development were achieved, including the evolution of MalChela for malware analysis, streamlined CyberPipe tools, and the introduction of Toby, a portable forensics platform. The focus was on creating practical solutions for digital forensics professionals, with all tools available as open-source on GitHub. #DFIR #MalwareAnalysis #OpenSource
CyberPipe-Timeliner: From Collection to Timeline in One Script
CyberPipe-Timeliner was developed in response to a colleague’s query about integrating Magnet Response collections with ForensicTimeliner. This tool automates the workflow, transforming collection data into a unified forensic timeline. With features like date filtering and flexible input options, it streamlines the timeline generation process, making it efficient and user-friendly. #DFIR
CyberPipe v5.3: Enhanced PowerShell Compatibility and Reliability
I’m pleased to announce the release of CyberPipe v5.3, bringing critical compatibility improvements for Windows PowerShell 5.1 and enhanced reliability across all PowerShell environments. The Problem After releasing v5.2 with the new unified banner design, several users reported an interesting issue: CyberPipe would execute perfectly in PowerShell Core, but in Windows PowerShell 5.1, the script would…
Streamline Digital Evidence Collection with CyberPipe 5.2
CyberPipe, developed for incident response, is a PowerShell script facilitating efficient digital evidence collection in enterprise settings. Recent updates include improved collection methods, capabilities like QuickTriage for faster artifact gathering, and enhanced reliability with advanced error handling. Version 5.2 aims to streamline operations while ensuring forensic integrity and transparency. #DFIR
Cross-Platform DFIR Tools: MalChelaGUI on Windows
A trick and a treat this week with a quiet milestone for cross-platform DFIR tooling — MalChelaGUI now runs seamlessly inside Windows through Ubuntu WSL2, with zero configuration required. #DFIR #MalwareAnalysis
Is your USB device slowing down your forensic investigation?
In digital forensics, reliable storage is essential for effective workflows. Crabwise, a USB benchmarking utility, addresses performance variability by measuring read and write speeds directly, bypassing caching. It logs results for easy comparison, allowing users to optimize connections. This tool supports informed decisions on hardware setups, improving efficiency and consistency in forensics tasks.
Enhance Threat Hunting with MITRE Lookup in MalChela 3.0.2
The recent update of MalChela 3.0.2 introduces MITRE Lookup, a tool that allows forensic investigators to search the MITRE ATT&CK framework offline. This feature enhances investigation speed by supporting keyword and Technique ID searches while providing tactic categories and detection guidance. Users can save results directly for future reference, enhancing analysis efficiency.
Toby-Find: Simplifying Command-Line Forensics Tools
Toby-Find is a terminal-based tool designed for digital forensics, providing users with an easy way to discover command-line tools available in Kali and REMnux. Initially created for a university course, it allows quick searches for tools, descriptions, and examples, enhancing usability in forensic analysis without memorization or manual searching.