DFIRe Documentation
Welcome to the DFIRe documentation. Learn how to deploy, configure, and use the platform for your digital forensics and incident response workflows.
Getting Started
Install DFIRe and create your first case in minutes.
Case Management
Create and manage forensic investigations and incidents.
Evidence Tracking
Track digital evidence with metadata and chain of custody.
Incident Response
Coordinate response with phases, actions, and timelines.
User Management
Add users, assign roles, and configure access control.
Deployment
Deploy DFIRe with Docker in production environments.
What is DFIRe?
DFIRe (Digital Forensics and Incident Response) is a self-hosted case management platform designed for forensic investigators and incident responders. It provides:
- Case Management - Organize investigations with customizable case types, severity levels, and team assignments
- Evidence Tracking - Track digital evidence with detailed metadata, chain of custody, and file attachments
- Incident Response - Coordinate response with phase-based workflows and guided action checklists
- Report Generation - Create structured investigation reports with QA workflows
- Compliance Tracking - Monitor regulatory deadlines like GDPR breach notifications
- Team Collaboration - Work together with role-based access control and Slack integration
System Requirements
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 2 cores | 4+ cores |
| RAM | 4 GB | 8+ GB |
| Storage | 20 GB | 100+ GB (depends on evidence volume) |
| Docker | 24.0+ | Latest stable |
| Docker Compose | 2.20+ | Latest stable |