r3nzsec

DFIR Timeline Analysis for macOS — SQLite-backed viewer for CSV, TSV, XLSX, EVTX, and Plaso files with built-in process inspection, lateral movement tracking, and persistence detection.

73
11
100% credibility
Found Mar 03, 2026 at 73 stars
AI Analysis
JavaScript
AI Summary

IRFlow Timeline is a native macOS application designed for forensic investigators to efficiently load, view, filter, and analyze large timeline datasets from CSV, Excel, EVTX, and Plaso files.

How It Works

1. 🔍 Discover IRFlow Timeline

You hear about a fast native Mac app that makes sorting through huge security event logs easy: a timeline explorer for investigations.

2. 💻 Launch the App

Build the DMG (the docs cover it) or install it on your Mac and open it up; it feels smooth and modern right away.

3. 📁 Load Your Files

Drag in CSV or TSV exports, Excel sheets, EVTX files, or Plaso output, even massive ones, and watch them load into the SQLite-backed store without slowing down.

4. 📈 Explore the Timeline

See all your events lined up by time in a clear table you can zoom, sort, and scroll through with virtual scrolling.

5. 🔎 Analyze and Mark Up

Filter and search for clues, bookmark interesting events, add tags, and run the built-in checks for process chains, lateral movement, and persistence.

6. 📊 Export Your Findings

Create a shareable HTML report or a filtered list of key events to hand off to your team or drop into the investigation write-up.

AI-Generated Review

What is irflow-timeline?

irflow-timeline is a native macOS app for DFIR timeline analysis. It loads CSV, TSV, XLSX, EVTX, and Plaso files into a SQLite-backed viewer that handles very large forensic timelines without choking, and offers virtual scrolling, full-text search, and built-in detection of process chains, lateral movement, and persistence mechanisms. Built in JavaScript with Electron, it mirrors Eric Zimmerman's Timeline Explorer for macOS users working with output from tools like Hayabusa, KAPE, or Velociraptor.

Why is it gaining traction?

Unlike web-based DFIR timeline tools or spreadsheets, it ingests Hayabusa, KAPE, and Plaso outputs directly and adds process trees, gap analysis, and IOC matching that speed up threat hunting. The hook is its high-performance parsing of EVTX and CSV dumps, plus exportable HTML reports and session saving. Drag-and-drop imports and bulk tagging make it practical for real incident response work.

Who should use this?

DFIR analysts on macOS parsing Hayabusa or KAPE exports, incident responders building timelines from Velociraptor or Plaso output, and blue teams tracking persistence in enterprise logs. It also suits lab and training work where you want to practise timeline analysis on sample data.

Verdict

Grab it if you're a macOS DFIR practitioner who needs a dedicated timeline tool; the docs are solid and building a DMG takes minutes. At 73 stars it's early but promising, so test it on sample EVTX and CSV files, and verify its parsing against a known-good tool, before relying on it in a production investigation.
