Diffy has been deprecated at Netflix. This software is no longer maintained or supported. Diffy is a digital forensics and incident response (DFIR) tool that was developed by Netflix's Security Intelligence and Response Team (SIRT). Diffy allows a forensic investigator to quickly scope a compromise across cloud instances during an incident, and triage those instances for followup actions. Diffy is currently focused on Linux instances running within Amazon Web Services (AWS), but owing to our plugin structure, could support multiple platforms and cloud providers. It's called "Diffy" because it helps a human investigator to identify the differences between instances, and because Alex pointed out that "The Difforensicator" was unnecessarily tricky. See Releases for recent changes. See our Read the Docs site for well-formatted documentation. Supported Technologies: AWS (AWS Systems Manager / SSM), Local osquery. Each technology has its own plugins for targeting, collection, and persistence. Features: Efficiently highlights outliers in security-relevant instance behavior. For example, you can use Diffy to tell you which of your instances are listening on an unexpected port.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
A library to access the Extensible Storage Engine (ESE) Database File (EDB) format used in various Windows applications.
TestDisk is a free data recovery software that can recover lost partitions and undelete files from various file systems.
An open source format for storing digital evidence and data, with a C/C++ library for creating, reading, and manipulating AFF4 images.
A library to access and parse Windows XML Event Log (EVTX) format, useful for digital forensics and incident response.
A library to access FileVault Drive Encryption (FVDE) encrypted volumes on Mac OS X systems.
Stegextract is a Bash script that extracts hidden files and strings from images, supporting PNG, JPG, and GIF formats.
A command-line tool for creating hex dumps, converting between binary and human-readable representations, and patching binary files.
Zenduty's platform provides real-time operational health monitoring and incident response orchestration to improve incident response times and build a solid on-call culture.
A comprehensive incident response tool for Windows computers, providing advanced memory forensics and access to locked systems.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.