Diffy has been deprecated at Netflix. This software is no longer maintained or supported. Diffy is a digital forensics and incident response (DFIR) tool that was developed by Netflix's Security Intelligence and Response Team (SIRT). Diffy allows a forensic investigator to quickly scope a compromise across cloud instances during an incident, and triage those instances for followup actions. Diffy is currently focused on Linux instances running within Amazon Web Services (AWS), but owing to our plugin structure, could support multiple platforms and cloud providers. It's called "Diffy" because it helps a human investigator to identify the differences between instances, and because Alex pointed out that "The Difforensicator" was unnecessarily tricky. See Releases for recent changes. See our Read the Docs site for well-formatted documentation. Supported Technologies: AWS (AWS Systems Manager / SSM), Local osquery. Each technology has its own plugins for targeting, collection, and persistence. Features: Efficiently highlights outliers in security-relevant instance behavior. For example, you can use Diffy to tell you which of your instances are listening on an unexpected port.
FEATURES
ALTERNATIVES
A digital investigation platform for parsing, searching, and visualizing evidences with advanced analytics capabilities.
Tool for parsing Android logs events and protobuf data
Accessing databases stored on a machine by the Chrome browser and dumping URLs found.
A free, open source collection of tools for forensic artifact and image analysis.
dc3dd is a patch to the GNU dd program, tailored for forensic acquisition with features like hashing and file verification.
A tool for fixing acquired .evt Windows Event Log files in digital forensics.
PINNED

InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.

Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.

CTIChef.com Detection Feeds
A tiered cyber threat intelligence service providing detection rules from public repositories with varying levels of analysis, processing, and guidance for security teams.

OSINTLeak
OSINTLeak is a tool for discovering and analyzing leaked sensitive information across various online sources to identify potential security risks.

ImmuniWeb® Discovery
ImmuniWeb Discovery is an attack surface management platform that continuously monitors an organization's external digital assets for security vulnerabilities, misconfigurations, and threats across domains, applications, cloud resources, and the dark web.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.