Application Logs Analyzer
This worker analyzes application log files to identify potential security issues.
Bulkextractor
Extracts structured information such as email addresses, credit card numbers, JPEGs and JSON snippets without parsing the file system or file system structures.
Capa
Detect capabilities in executable files.
Chrome Credentials Analyser
Analyse stored Chrome Credentials
Compute byte entropy for files.
Computes the Shannon entropy of each file's bytes and flags files whose entropy exceeds a threshold.
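The check this worker performs, as an added example that is not the worker's own code: Shannon entropy over the byte-value histogram gives a score between 0.0 (every byte identical) and 8.0 (all 256 values equally frequent), and encrypted, compressed or packed content sits near the top of that range. The threshold of 7.0, the 1024-byte window size and the sample files below are assumptions constructed for the example; the sliding window is added because a file that is mostly text with an embedded encrypted blob can stay under the threshold on its whole-file score while a single window of it does not.

```python
import math
import random
from collections import Counter


def byte_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def max_window_entropy(data: bytes, window: int = 1024) -> float:
    """Highest entropy of any non-overlapping window, so a small encrypted
    region inside a mostly plain-text file is not averaged away."""
    if len(data) <= window:
        return byte_entropy(data)
    return max(byte_entropy(data[i:i + window]) for i in range(0, len(data), window))


def triage(samples: dict, threshold: float = 7.0, window: int = 1024) -> dict:
    """Score each sample and flag it when either the whole-file entropy or the
    worst window exceeds the (assumed) threshold."""
    result = {}
    for name, data in samples.items():
        whole = byte_entropy(data)
        worst = max_window_entropy(data, window)
        result[name] = {
            "whole": round(whole, 3),
            "max_window": round(worst, 3),
            "flagged": whole > threshold or worst > threshold,
        }
    return result


# Constructed sample files (not real artifacts). The "packed" and "mixed"
# samples use a seeded PRNG so the run is deterministic.
_rng = random.Random(1234)
_random_blob = bytes(_rng.getrandbits(8) for _ in range(4096))
_log_text = b"2024-01-01 INFO user login ok\n"

SAMPLES = {
    "zeros.bin": b"\x00" * 4096,                    # entropy 0.0
    "app.log": _log_text * 100,                     # plain text, roughly 4 bits/byte
    "uniform.bin": bytes(range(256)) * 16,          # every value equally often: 8.0
    "packed.bin": _random_blob,                     # looks encrypted/compressed
    "mixed.log": _log_text * 200 + _random_blob[:2048],  # text with an embedded blob
}


if __name__ == "__main__":
    for name, score in triage(SAMPLES).items():
        print(f"{name:12s} whole={score['whole']:.3f} "
              f"max_window={score['max_window']:.3f} flagged={score['flagged']}")
```

Entropy alone cannot tell a legitimate ZIP or JPEG from an encrypted payload, so treat a flag as a triage signal to route the file to the other workers (File Extraction, Capa, FLOSS, ClamAV) rather than as a finding in itself.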
Config file analyzer
This worker analyzes configuration files to identify potential security issues, misconfigurations, and other anomalies.
dfIndexeddb
Experimental Python tool for performing digital forensic analysis of IndexedDB and LevelDB files.
File Extraction
Extract files from disk images and archive files.
FLARE Obfuscated String Solver (FLOSS)
The FLARE Obfuscated String Solver uses advanced static analysis techniques to automatically extract and deobfuscate all strings from malware binaries.
Grep
Grep based on supplied pattern.
LLM Prompter
Take any files that can be read as UTF-8 and run a prompt on it.
Plaso
Create super timelines from disk images and other data sources.
Strings
Extract strings from files.
Timesketch
Export Plaso and compatible CSV/JSON files to Timesketch.
AmCache-EvilHunter
Runs AmCache-EvilHunter to parse Windows Amcache.hve.
Elasticsearch
Export workflow worker results into an Elasticsearch index.
EvtxECmd Worker
Runs EZTools EvtxECmd against .evtx files.
EZTools Execution Worker
Runs Eric Zimmerman's Tools (PECmd, LECmd, AmcacheParser and AppCompatCacheParser) against filetree consistent archives (like KAPE .zip images).
EZTools FileFolder Worker
Runs Eric Zimmerman's Tools (RBCmd, JLECmd, SBECmd, RecentFileCacheParser) against filetree consistent archives (like KAPE .zip images).
Hayabusa
Windows event log fast forensics timeline generator and threat hunting tool.
Hindsight
Parses browser artifacts with Hindsight from a supplied ZIP archive and a provided browser profile path.
Kusto Ingest Worker
Ingests CSV files into a Kusto cluster table using streaming.
MFTECmd Worker
Runs EZTools MFTECmd against $MFT files.
openrelik-worker-clamav
OpenRelik worker for malware scanning files and directories with ClamAV signatures.
openrelik-worker-kstrike
Worker for OpenRelik to add User Access Log parsing with Brian Moran's KStrike tool.
RECmd Worker
Runs Eric Zimmerman's RECmd application on Registry hives in filetree consistent archives (like KAPE .zip images) using the DFIR batch files.
Txt File to CSV Worker
Concatenates the provided text-format files into one CSV file.