About DFIR Toolkit
DFIR Toolkit is a collection of browser-based utilities for DFIR triage and incident response. Every tool runs entirely client-side — no data ever leaves your browser. The project is curated by Andrea Fortuna.
Privacy-first
No uploads, no tracking, no accounts required.
DFIR-oriented
Built for SOC analysts, incident responders and blue team workflows.
Open workflow
Transparent logic using standard browser APIs.
Who it is for
DFIR Toolkit is designed for SOC analysts, DFIR consultants, incident responders, blue teamers and security students who need fast, privacy-first triage utilities without setup overhead.
Why we built this
During incident response, analysts often need quick utility tools — timestamp converters, hash calculators, IOC extractors — but most online tools send data to remote servers, which is unacceptable when dealing with sensitive enterprise data.
DFIR Toolkit gives the security community a trustworthy, fast alternative: all computation happens in your browser using Web Crypto API, File API and client-side JavaScript.
Technical stack
- Next.js 16 (static export)
- Tailwind CSS
- TypeScript
- Web Crypto API for hashing
- dayjs for timestamp parsing
- Deployed on Cloudflare Pages