About DFIR Toolkit

DFIR Toolkit is a collection of browser-based utilities for DFIR triage and incident response. Every tool runs entirely client-side — no data ever leaves your browser. The project is curated by Andrea Fortuna.

Who it is for

DFIR Toolkit is designed for SOC analysts, DFIR consultants, incident responders, blue teamers and security students who need fast, privacy-first triage utilities without setup overhead.

Why we built this

During incident response, analysts often need quick utility tools — timestamp converters, hash calculators, IOC extractors — but most online tools send data to remote servers, which is unacceptable when dealing with sensitive enterprise data.

DFIR Toolkit gives the security community a trustworthy, fast alternative: all computation happens in your browser using Web Crypto API, File API and client-side JavaScript.

Technical stack

• Next.js 16 (App Router) with React 19 and static prerendered pages
• TypeScript 5 and React client components
• Tailwind CSS for styling
• Web Workers for off-main-thread parsing and heavy tasks
• Optional WebAssembly (WASM) parsers loaded in-workers or via UI upload
• Web Crypto API for hashing and cryptographic operations
• dayjs for timestamp handling
• Vitest for unit tests (pcap parser tests included)
• Libraries: protobufjs, sql.js, and optional libyara-wasm integrations
• Build helpers: prebuild scripts generate sitemap and static build info (`lib/buildInfo.ts`)
• CSV export helpers and File API for local downloads
• Deployed on Cloudflare Pages (static hosting) — privacy-first client-side processing