Kansa
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
Free1,639
Free1,639
Kansa
A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts.
Data verified Jun 2026
ADYour product here. Reach security decision-makers.Launch a campaignKansa Description
A modular incident response framework in Powershell that uses Powershell Remoting to run user-contributed modules across hosts in an enterprise to collect data for incident response, breach hunts, or building an environmental baseline. It's recommended to upgrade to Powershell v3 or later for optimal performance. For more information, visit: - http://trustedsignal.blogspot.com/search/label/Kansa - http://www.powershellmagazine.com/2014/07/18/kansa-a-powershell-based-incident-response-framework/ To use it, after downloading and unzipping the project, unblock the ps1 files by running: ls -r *.ps1 | Unblock-File. Ensure to check and set your execution policies accordingly.
Kansa FAQ
Common questions about Kansa including features, pricing, alternatives, and user reviews.
Kansa is A modular incident response framework in Powershell that uses Powershell Remoting to collect data for incident response and breach hunts. It is a Security Operations solution designed to help security teams with Evidence Collection, Memory Forensics.
Kansa is a free Security Operations tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://github.com/davehull/Kansa/ for download and installation instructions.
Popular alternatives to Kansa include:
1.Binalyze - DFIR platform automating investigation, evidence collection, and IR. (Commercial)
2.RTIR - Request Tracker for Incident Response (RTIR) is a tool for incident response teams to manage incident reports, correlate data, and facilitate communication. (Free)
3.AChoir Windows Live Artifacts Acquisition Scripting Framework - A framework/scripting tool to standardize and simplify the process of scripting favorite Live Acquisition utilities for Incident Responders. (Free)
4.Incident Response Investigation System (IRIS) - A web collaborative platform for incident responders to share technical details during investigations, shipped in Docker containers for easy installation and upgrades. (Free)
5.DFIRTrack - DFIRTrack is an open source web application focused on incident response for handling major incidents with many affected systems, tracking system status, tasks, and artifacts. (Free)
Compare all Kansa alternatives at https://cybersectools.com/alternatives/kansa
Kansa is for security teams and organizations that need Evidence Collection, Memory Forensics. It's particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Security Operations tools can be found at https://cybersectools.com/categories/security-operations
Have more questions? Browse our categories or search for specific tools.
