Digital Forensics & Incident Response Platform

Comprehensive case management for DFIR professionals. Track investigations, manage evidence, coordinate incident response, and generate reports — all in one secure, self-hosted platform.

Get Started Free Learn More

30-day free trial. No credit card required.

DFIRe Evidence Management DFIRe Dashboard DFIRe Timeline DFIRe Incident Actions

Your Data. Your Infrastructure. Your Control.

DFIRe is a fully self-hosted solution. Deploy it on your own servers, behind your firewall, with your security policies. No incident data ever leaves your infrastructure.

  • Complete Data Sovereignty — Sensitive investigation data stays within your organization. No third-party cloud services handle your case files.
  • Air-Gapped Compatible — Works in isolated networks and high-security environments where internet connectivity is restricted or prohibited.
  • Your Database, Your Storage — Bring your own PostgreSQL database (self-hosted or managed DBaaS like Aiven, DigitalOcean, AWS RDS) and choose local filesystem, S3-compatible, or SMB/CIFS storage for evidence files.
  • Regulatory Compliance — Meet data residency requirements and industry regulations by keeping evidence within your jurisdiction.
  • No AI, No Black Boxes — Incidents are handled by humans, not computers. Your investigation decisions remain fully transparent and explainable.
Your Infrastructure
DFIRe Application
PostgreSQL Database
File Storage
Integrations
External (Optional)
Incoming Webhooks
Outgoing Webhooks
Slack Integration

Built for DFIR Professionals

Everything your team needs to manage forensic investigations and incident response workflows.

Case Management

Organize investigations with customizable case types, severity levels, and team assignments. Support for both traditional investigations and incident response workflows.

Evidence Tracking

Track digital and physical evidence with detailed metadata, chain of custody, legal ownership, and hierarchical organization. Customize your evidence types with configurable attributes.

Incident Timeline

Visual timeline for tracking incident phases, from detection through recovery. Guided response actions with phase-based checklists and automatic progress tracking.

Compliance Timers

Built-in SLA tracking for regulatory requirements like GDPR breach notifications. Automatic reminders and deadline tracking to ensure compliance.

End-to-End Encryption

AES-256 encryption for all file and image attachments with a three-layer key hierarchy. Per-case and per-item encryption keys ensure data isolation and secure deletion. Your data is unreadable even if the storage backend gets compromised.

Team Collaboration

Atomic role-based access control with customizable permission groups. Define granular rights for your team with lead investigators, case members, and viewers. Slack integration for collaboration, workflow management and notifications.

Report Generation

Structured investigation reports with customizable sections, QA workflow, and markdown support. Auto-generated evidence inventories and timelines.

Webhooks & Integrations

Outgoing webhooks for SIEM integration and notifications. Incoming webhooks allow SOAR platforms to create cases automatically.

SSO & Enterprise Auth

SSO integration via the OIDC standard, compatible with any OIDC provider including Google Workspace, Microsoft Entra ID, and Auth0. Session management with instant revocation and IP tracking.

See It in Action

Modern, intuitive interface designed for efficiency.

Dashboard view showing active cases Dashboard
Incident timeline with phase tracking Incident Timeline
Incident response action checklist Response Actions
Evidence item list with metadata Evidence Management
GDPR compliance timer tracking Compliance Timers
Investigation report editor Report Editor
Custom case type configuration Case Configuration
Webhook integration settings Webhook Integrations

Simple, Transparent Pricing

All features included. No per-user fees. No feature tiers.

Free Trial

Free
for 30 days
  • All features included
  • Unlimited users
  • Unlimited cases
  • Full encryption
  • No credit card required
Start Free Trial

Need more time? Contact contact@dfire.fi for an extended trial.

Most Popular

Annual License

2,499 EUR
per year
  • All features included
  • Unlimited users
  • Unlimited cases
  • Priority support
  • Software updates
Purchase License

Multi-Year

Save 15-25%
with longer terms
  • 2-year: 15% discount
  • 3-year: 25% discount
  • All features included
  • Price lock guarantee
  • Priority support
Contact Sales

Built with Modern Standards

Backend Django 6.0 + PostgreSQL
Frontend React 19 + TypeScript
Real-time WebSocket updates
Deployment Docker + Docker Compose
Encryption AES-256-GCM
Storage Local, S3, or SMB

Get Started in Minutes

Deploy DFIRe with Docker Compose. Self-hosted means your data stays on your infrastructure.

1

Download the installer

curl -fsSL https://dfire.fi/install.sh -o install.sh
2

Run the installation script

chmod +x install.sh && ./install.sh

The script will guide you through configuration and start the services.

3

Access your instance

https://your-server:443

Create your admin account and start investigating.

System Requirements

  • Docker 24.0+ and Docker Compose 2.20+
  • 4GB RAM minimum (8GB recommended)
  • 20GB disk space for application
  • Additional storage for evidence files
  • Linux, Windows, or macOS host
  • PostgreSQL 15+ database (self-hosted or managed DBaaS)

Manual Installation

For advanced deployments, custom configurations, or air-gapped environments, see the deployment documentation.

Get in Touch

Questions about DFIRe? We're here to help.