Digital Forensics & Incident Response Platform

Comprehensive case management for DFIR professionals. Track investigations, manage evidence, coordinate incident response, and generate reports — all in one secure, self-hosted platform.

Get Started Free Learn More

90-day free trial. No credit card required.

Latest release: v1.2.4 · Changelog

DFIRe Dashboard Overview Case Evidence Tab Case Timeline Tab Case Actions Tab Case Compliance Tab Case Report Tab Settings: Case Types Search Results

Your Data. Your Infrastructure. Your Control.

DFIRe is a fully self-hosted solution. Deploy it on your own servers, behind your firewall, with your security policies. No incident data ever leaves your infrastructure.

  • Complete Data Sovereignty — Sensitive investigation data stays within your organization. No third-party cloud services handle your case files.
  • Air-Gapped Compatible — Works in isolated networks and high-security environments where internet connectivity is restricted or prohibited.
  • Your Database, Your Storage — Bring your own PostgreSQL database (self-hosted or managed DBaaS like Aiven, DigitalOcean, AWS RDS) and choose local filesystem, S3-compatible, or SMB/CIFS storage for evidence files.
  • Regulatory Compliance — Meet data residency requirements and industry regulations by keeping evidence within your jurisdiction.
  • AI-Assisted, Human-Driven — Optional support for multiple LLM models over API for automated case report generation. Your investigation decisions remain fully transparent and explainable.
Your Infrastructure
DFIRe Application
PostgreSQL Database
File Storage
Integrations
External (Optional)
Incoming Webhooks
Outgoing Webhooks
Slack Integration
Audit Log Storage
IOC Enrichment
Jira Items
LLM API

Built for DFIR Professionals

Everything your team needs to manage forensic investigations and incident response workflows.

Case Management

Organize investigations with customizable case types, severity levels, and team assignments. Support for both traditional investigations and incident response workflows.

Evidence Tracking

Track digital and physical evidence with detailed metadata, chain of custody, legal ownership, and hierarchical organization. Customize your evidence types with configurable attributes.

Incident Timeline

Visual timeline for tracking incident phases, from detection through recovery. Guided response actions with phase-based checklists and automatic progress tracking.

Compliance Timers

Built-in SLA tracking for regulatory requirements like GDPR breach notifications. Automatic reminders and deadline tracking to ensure compliance.

End-to-End Encryption

AES-256 encryption for all file and image attachments with a three-layer key hierarchy. Per-case and per-item encryption keys ensure data isolation and secure deletion. Your data is unreadable even if the storage backend gets compromised.

Team Collaboration

Atomic role-based access control with customizable permission groups. Define granular rights for your team with lead investigators, case members, and viewers. Slack integration for collaboration, workflow management and notifications.

Report Generation

Structured investigation reports with customizable sections, QA workflow, and markdown support. Auto-generated evidence inventories and timelines.

View Example Report →

Webhooks & Integrations

Outgoing webhooks for SIEM integration and notifications. Incoming webhooks allow SOAR platforms to create cases automatically.

SSO & Enterprise Auth

SSO integration via the OIDC standard, compatible with any OIDC provider including Google Workspace, Microsoft Entra ID, and Auth0. Session management with instant revocation and IP tracking.

See It in Action

Modern, intuitive interface designed for efficiency.

Dashboard Overview Dashboard Overview
Case Evidence Tab Case Evidence Tab
Case Timeline Tab Case Timeline Tab
Case Actions Tab Case Actions Tab
Case Compliance Tab Case Compliance Tab
Case Report Tab Case Report Tab
Settings: Case Types Settings: Case Types
Search Results Search Results

Simple, Transparent Pricing

All features included. No per-user fees. No feature tiers.

Annual License

2,499 EUR (VAT 0%)
per year
  • All features included
  • Unlimited users
  • Unlimited cases
  • Single deployment
  • Can be converted to offline license
Purchase License

Start with a 90-day free trial. No credit card required.

Non-Commercial

Free
for eligible organizations on request
  • Eligible non-profit organizations
  • Non-commercial use
  • All features included
  • Unlimited users
  • Unlimited cases
Request Free License

Built with Modern Standards

Backend Django 6.0 + PostgreSQL
Frontend React 19 + TypeScript
Real-time WebSocket updates
Deployment Docker + Docker Compose
Encryption AES-256-GCM
Storage Local, S3, or SMB

Get Started in Minutes

Deploy DFIRe with Docker Compose. Self-hosted means your data stays on your infrastructure. The install script installs or upgrades DFIRe to the latest version automatically.

1

Download the installer

curl -fsSL https://dfire.fi/install.sh -o install.sh
2

Run the installation script

chmod +x install.sh && ./install.sh

The script will guide you through configuration and start the services.

3

Access your instance

https://your-server:443

Create your admin account and start investigating.

System Requirements

  • Docker 24.0+ and Docker Compose 2.20+
  • 4GB RAM minimum (8GB recommended)
  • 20GB disk space for application
  • Additional storage for evidence files
  • Linux, Windows, or macOS host
  • PostgreSQL 15+ database (self-hosted or managed DBaaS)

Manual Installation

For advanced deployments, custom configurations, or air-gapped environments, see the deployment documentation.

Get in Touch

Questions about DFIRe? We're here to help.