Fight Fire With DFIRe

Fully-featured case management platform for SecOps, Incident Response, and Digital Forensics teams.

Track investigations, manage evidence with chain of custody, enrich threat indicators from leading intelligence providers, coordinate response with your team in Slack, and generate AI-assisted reports — all on your own infrastructure.

90-day free trial. No credit card required.

Latest release: v1.4.3 · Changelog

Remain in control of your data. Self-deploy with no seat limitations.

DFIRe is a fully self-hosted solution. Deploy it on your own servers, behind your firewall, with your security policies. No incident data ever leaves your infrastructure.

  • Complete Data Sovereignty — Sensitive investigation data stays within your organization. No third-party cloud services handle your case files.
  • Air-Gapped Compatible — Works in isolated networks and high-security environments where internet connectivity is restricted or prohibited.
  • Your Database, Your Storage — Bring your own PostgreSQL database (self-hosted or managed DBaaS like Aiven, DigitalOcean, AWS RDS) and choose local filesystem, S3-compatible, SMB/CIFS, or SFTP storage for evidence files.
  • Regulatory Compliance — Meet data residency requirements and industry regulations by keeping evidence within your jurisdiction.
  • AI-Assisted, Human-Driven — Optional support for multiple LLMs over API for automated case report generation. Your investigation decisions remain fully transparent and explainable.
  • Immutable Audit Trail — Every action is captured in a fail-closed audit log; if the audit write fails, the operation is prevented. Entries can be forwarded to your SIEM for tamper-evident retention and independent compliance evidence.

[Architecture diagram]
Your Infrastructure: DFIRe Application, PostgreSQL Database, File Storage, Integrations
External (Optional): Slack & Jira, Outbound Webhooks, SIEM / Audit Forwarding, IOC Enrichment Providers, TAXII / MISP Consumers, LLM API, MCP Clients

Built for SecOps and DFIR Professionals

Everything your team needs to manage forensic investigations and incident response workflows.

Case Management

Organize investigations with customizable case types, severity levels, and team assignments. Supports both triage investigations and escalation to incident response workflows.

Evidence & Chain of Custody

Track digital and physical evidence with hierarchical organization, configurable attributes, and an immutable chain-of-custody record with printable receipts. Procedural runbooks attach to evidence and actions so handling steps are documented and auditable.

Incident Timeline

Visual timeline for tracking incident phases, from detection through recovery. Guided response actions with phase-based checklists and automatic progress tracking. Connect webhooks with runbooks to automate common response activities.

Compliance Timers

Built-in tracking for regulatory reporting requirements like GDPR breach notifications. Customizable timer definitions, automatic reminders, and deadline tracking to ensure your legally mandated reporting obligations are met.

End-to-End Encryption

Encrypted Storage protects attachments up to 4 GB with AES-256 and a three-layer key hierarchy (tenant, case, and item keys), so data is unreadable even if the storage backend gets compromised. Larger forensic-scale files stream through the Direct Storage tier straight to a configurable backend without DFIRe-layer encryption.

Team Collaboration

Role-based access control with customizable permission groups for lead investigators, case members, and viewers. Slack integration for workflow management, inline action controls, and an in-channel AI assistant that answers questions and summarizes cases on demand.

Report Generation

Structured investigation reports with customizable sections, QA workflow, and markdown support. Auto-generated evidence inventories and timelines. Optional AI generation for CAN reports and individual sections using Anthropic, Gemini, Azure OpenAI, GitHub Models, or any OpenAI-compatible provider including local LLMs.

Webhooks & Integrations

Bidirectional Jira Cloud sync, outbound webhooks with templated payloads for SIEM and SOAR platforms, audit-log forwarding, and per-user API keys with full OpenAPI docs for automated case creation and any other integration.

SSO & Enterprise Auth

SSO integration via the OIDC standard, compatible with any OIDC provider, including Google Workspace and Microsoft Entra ID. Session management with instant revocation and IP tracking.

Threat Intelligence

Built-in IOC registry across all STIX 2.1 types with automatic enrichment from leading intelligence providers including VirusTotal, AbuseIPDB, Shodan, GreyNoise, MISP, urlscan, and Spur.us. Hierarchical decomposition, cross-case correlation, TAXII 2.1 server, and MISP-compatible feed for downstream consumers.

AI Assistance

Per-case AI assistant for summaries and Q&A in the web UI and Slack. Auto-generate CAN reports and structured report sections with the configured LLM provider. Built-in MCP server lets agents like Claude Code act as virtual responders with full RBAC and audit logging.

Backup & Recovery

AES-256-GCM encrypted database backups with configurable schedules, deep validation, and one-click restore. Per-target storage roles isolate backups from primary case storage.

See It in Action

Modern, intuitive interface designed for efficiency.

Simple, Transparent Pricing

One license fee covers your entire deployment regardless of seat count, company size, or which features you use.

Pricing update — 1 July 2026: New annual licenses purchased on or after 1.7.2026 will be €9,900/year. Purchases completed before this date secure the current rate (€2,499) for year one, and the first renewal is 50% off at €4,950/year.

Non-Commercial

Free
for eligible organizations on request
  • Eligible non-profit organizations
  • Non-commercial use
  • All features included
  • Unlimited users
  • Unlimited cases

Get Started in Minutes

Deploy DFIRe with Docker Compose. Self-hosted means your data stays on your infrastructure. The install script installs or upgrades DFIRe to the latest version automatically.

1. Download the installer

   curl -fsSL https://dfire.fi/install.sh -o install.sh

2. Run the installation script

   chmod +x install.sh && ./install.sh

   The script will guide you through configuration and start the services.

3. Access your instance

   https://your-server:443

   Create your admin account and start investigating.

System Requirements

  • Docker 24.0+ and Docker Compose 2.20+
  • 4 GB RAM minimum (8 GB recommended)
  • 20 GB disk space for the application
  • Storage backend for evidence files (S3, SMB, SFTP, or local)
  • Linux, Windows, or macOS host
  • PostgreSQL 15+ for production — the installer bundles a local PostgreSQL container for testing, or connect a self-hosted or managed DBaaS

Manual Installation

For advanced deployments, custom configurations, or air-gapped environments, see the deployment documentation.

Get in Touch

Questions about DFIRe? We're here to help.