DFIRe Documentation
Welcome to the DFIRe documentation. Learn how to deploy, configure, and use the platform for your digital forensics and incident response workflows.
Getting Started
Install DFIRe and create your first case in minutes.
Dashboard
Your central hub for managing cases, filtering, and monitoring.
Case Management
Create and manage forensic investigations and incidents.
Evidence Tracking
Track digital evidence with metadata and chain of custody.
Incident Response
Coordinate response with phases, actions, and timelines.
Indicators of Compromise
Capture, classify, enrich, and share IOCs with STIX 2.1 support.
Reports
Create structured investigation reports with QA workflows.
User Management
Add users, assign roles, and configure access control.
Integrations
Connect Slack, Jira, and external SIEM systems.
Deployment
Deploy DFIRe with Docker in production environments.
Changelog
Version history, new features, and release notes.
What is DFIRe?
DFIRe (Digital Forensics and Incident Response) is a self-hosted case management platform designed for forensic investigators and incident responders. It provides:
- Case Management - Organize investigations with customizable case types, severity levels, and team assignments
- Evidence Tracking - Track digital evidence with detailed metadata, chain of custody, and file attachments
- Incident Response - Coordinate response with phase-based workflows and guided action checklists
- IOC Management - Capture, classify, and enrich Indicators of Compromise with cross-case correlation and STIX 2.1 support
- Report Generation - Create structured investigation reports with QA workflows
- Compliance Tracking - Monitor regulatory deadlines like GDPR breach notifications
- Threat Intelligence Sharing - Publish indicators via a TAXII 2.1 server and MISP-compatible feeds
- Team Collaboration - Work together with role-based access control and Slack integration
System Requirements
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 2 cores | 4+ cores |
| RAM | 4 GB | 8+ GB |
| Storage | 20 GB | 100+ GB (depends on evidence volume) |
| Docker | 24.0+ | Latest stable |
| Docker Compose | 2.20+ | Latest stable |