File - Download Chainsaw v1.1.6
Description




Chainsaw v1.1.6

Rapidly Search and Hunt through Windows Event Logs


Chainsaw provides a powerful 'first-response' capability to quickly identify threats within Windows event logs. It offers a generic and fast method of searching through event logs for keywords, and it identifies threats using built-in detection logic and support for Sigma detection rules.

Features
🔍 Search and extract event log records by event IDs, string matching, and regex patterns
🎯 Hunt for threats using Sigma detection rules and custom built-in detection logic
⚡ Lightning fast, written in Rust, wrapping the EVTX parser library by @OBenamram
🔥 Document tagging (detection logic matching) provided by the TAU Engine Library
📑 Output in an ASCII table format, CSV format, or JSON format

Hunting Logic

Sigma Rule Matching
Using the --rules and --mapping parameters you can specify a directory containing a subset of Sigma detection rules (or just the entire Sigma git repo), and Chainsaw will automatically load, convert and run these rules against the provided event logs. The mapping file tells Chainsaw which event IDs to run the detection rules against, and which fields are relevant. By default the following event IDs are supported:


Built-In Logic
Extraction and parsing of Windows Defender, F-Secure, Sophos, and Kaspersky AV alerts
Detection of key event logs being cleared, or the event log service being stopped
Users being created or added to sensitive user groups
Brute-force of local user accounts
RDP Logins

You can specify the --lateral-all flag to chainsaw to also parse and extract additional 4624 logon types (network logons, service, batch etc.) relating to potential lateral movement that may be interesting for investigations.
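The checks listed above, as an added example that is not Chainsaw's own code: a small detector run over a constructed event timeline. The event IDs used (4624/4625 logons and failed logons, 4720 account creation, 4728/4732/4756 group membership changes, 1102/104 log cleared, 1100 logging service shut down) and the field names are the standard Windows Security/System ones; the sample events, the epoch-second timestamps, the brute-force threshold and the sliding window are assumptions chosen for illustration. The lateral_all switch mirrors the idea behind --lateral-all: report network, batch and service logons in addition to RDP logons.

```python
"""Added example of built-in style hunting checks over constructed events (not Chainsaw's code)."""
from collections import defaultdict, deque

# Group names a practitioner would normally treat as sensitive (assumption).
SENSITIVE_GROUPS = {"administrators", "domain admins", "enterprise admins",
                    "remote desktop users"}
# Standard Windows 4624 logon types relevant here.
LOGON_TYPES = {2: "interactive", 3: "network", 4: "batch", 5: "service",
               10: "remote-interactive (RDP)"}

# Constructed sample timeline: {"ts": epoch seconds, "id": event ID, "data": EventData fields}.
SAMPLE = (
    [{"ts": 100, "id": 4624, "data": {"TargetUserName": "alice", "LogonType": "10", "IpAddress": "10.0.0.7"}},
     {"ts": 110, "id": 4624, "data": {"TargetUserName": "svc_backup", "LogonType": "3", "IpAddress": "10.0.0.9"}}]
    + [{"ts": 200 + 5 * i, "id": 4625, "data": {"TargetUserName": "admin", "IpAddress": "10.0.0.5"}}
       for i in range(6)]                      # six failed logons, 5 s apart
    + [{"ts": 300, "id": 4720, "data": {"TargetUserName": "helpdesk2", "SubjectUserName": "admin"}},
       {"ts": 310, "id": 4732, "data": {"TargetUserName": "Administrators", "MemberName": "helpdesk2",
                                        "SubjectUserName": "admin"}},
       {"ts": 320, "id": 1102, "data": {"SubjectUserName": "admin"}}]
)


def detect(events, lateral_all=False, failures=5, window=60):
    """Return (check name, detail) findings in event order.

    failures/window define the brute-force heuristic: at least `failures`
    4625 events for the same (source IP, target user) inside `window` seconds.
    """
    findings = []
    recent = defaultdict(deque)   # (source IP, target user) -> timestamps of recent 4625s
    reported = set()              # brute-force keys already reported once
    for ev in events:
        eid, d, ts = ev["id"], ev["data"], ev["ts"]
        if eid in (1102, 104):
            log = {1102: "Security", 104: "System"}[eid]
            findings.append(("log_cleared", f"{log} log cleared by {d['SubjectUserName']}"))
        elif eid == 1100:
            findings.append(("log_service_stopped", "event logging service shut down"))
        elif eid == 4720:
            findings.append(("user_created", d["TargetUserName"]))
        elif eid in (4728, 4732, 4756) and d["TargetUserName"].lower() in SENSITIVE_GROUPS:
            # For these events TargetUserName is the group and MemberName the added member.
            findings.append(("group_change", f"{d['MemberName']} added to {d['TargetUserName']}"))
        elif eid == 4625:
            key = (d["IpAddress"], d["TargetUserName"])
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:         # drop failures that fell out of the window
                q.popleft()
            if len(q) >= failures and key not in reported:
                reported.add(key)
                findings.append(("brute_force",
                                 f"{len(q)} failures for {key[1]} from {key[0]} within {window}s"))
        elif eid == 4624:
            lt = int(d["LogonType"])
            if lt == 10 or (lateral_all and lt in (3, 4, 5)):
                findings.append(("logon",
                                 f"{LOGON_TYPES[lt]} logon {d['TargetUserName']} from {d['IpAddress']}"))
    return findings


if __name__ == "__main__":
    for name, detail in detect(SAMPLE, lateral_all=True):
        print(f"{name:20s} {detail}")
```

The brute-force check keys on both source address and target account and reports each pair once; without the window, a long-running log would accumulate unrelated failures and fire on noise.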


Getting Started

You can use the pre-compiled versions of chainsaw from Oldergeeks.com, or you can clone the repo (and the submodules) by running: git clone --recurse-submodules https://github.com/countercept/chainsaw.git

You can then compile the code yourself by running: cargo build --release. Once the build has finished, you will find a copy of the compiled binary in the target/release folder.

Make sure to build with the --release flag as this will ensure significantly faster execution time.

If you want to quickly see what Chainsaw looks like when it runs, you can use the command:

./chainsaw hunt evtx_attack_samples/ --rules sigma_rules/ --mapping mapping_files/sigma-mapping.yml

Supporting Additional Event IDs (via Mapping Files)

When using Sigma rule detection logic, Chainsaw requires a 'mapping file' to tell it which event IDs to check, what fields are important, and which fields to output in the table view. The included sigma mapping in the "mapping_files" directory already supports most of the key Event IDs, but if you want to add support for additional event IDs you can use this mapping file as a template.
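To make the role of the mapping file concrete for both the Sigma Rule Matching section and the paragraph above, here is an added example that is not Chainsaw's code and does not use Chainsaw's real mapping-file format. It shows why a mapping layer is needed: the same Sigma field ("Image") lives at different paths for a Sysmon event 1 and a Security event 4688, so the mapping says which event IDs a rule category covers and where each rule field is found. The mapping layout, the sample records and the rule are constructed; only the event IDs (Sysmon 1, Security 4688 and 4624) are real. The condition evaluator deliberately supports only terms joined by "and", each optionally negated with "not".

```python
"""Added example: Sigma-style rule matching through an event-ID field mapping (not Chainsaw's code)."""
from typing import Any

# Constructed records in the nested shape an EVTX-to-JSON conversion produces.
EVENTS = [
    {"Event": {"System": {"EventID": 1},
               "EventData": {"Image": r"C:\Windows\System32\whoami.exe", "User": r"CORP\alice"}}},
    {"Event": {"System": {"EventID": 1},
               "EventData": {"Image": r"C:\Windows\System32\whoami.exe", "User": r"CORP\WS01$"}}},
    {"Event": {"System": {"EventID": 4688},
               "EventData": {"NewProcessName": r"C:\Windows\System32\whoami.exe", "SubjectUserName": "bob"}}},
    {"Event": {"System": {"EventID": 1},
               "EventData": {"Image": r"C:\Windows\System32\cmd.exe", "User": r"CORP\alice"}}},
    {"Event": {"System": {"EventID": 4624},
               "EventData": {"TargetUserName": "bob", "LogonType": "10"}}},
]

# Hypothetical mapping (not Chainsaw's format): per event ID, the Sigma log-source
# category it belongs to and the record path behind each Sigma field name.
MAPPING = {
    1: {"category": "process_creation",
        "fields": {"Image": "Event.EventData.Image", "User": "Event.EventData.User"}},
    4688: {"category": "process_creation",
           "fields": {"Image": "Event.EventData.NewProcessName",
                      "User": "Event.EventData.SubjectUserName"}},
    4624: {"category": "logon",
           "fields": {"TargetUserName": "Event.EventData.TargetUserName",
                      "LogonType": "Event.EventData.LogonType"}},
}

# A minimal Sigma-style rule written as a dict instead of YAML (no PyYAML dependency).
RULE = {
    "title": "Whoami execution",
    "logsource": {"category": "process_creation"},
    "detection": {
        "selection": {"Image|endswith": r"\whoami.exe"},
        "filter": {"User|endswith": "$"},          # ignore machine accounts
        "condition": "selection and not filter",
    },
}


def get_path(record: dict, dotted: str) -> Any:
    """Walk a dotted path such as Event.EventData.Image through nested dicts."""
    node: Any = record
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node


def value_matches(actual: Any, wanted: str, modifier: str) -> bool:
    """Apply a Sigma value modifier; Sigma string comparison is case-insensitive."""
    if actual is None:
        return False
    a, w = str(actual).lower(), wanted.lower()
    if modifier == "contains":
        return w in a
    if modifier == "startswith":
        return a.startswith(w)
    if modifier == "endswith":
        return a.endswith(w)
    return a == w


def selection_matches(record: dict, selection: dict, field_map: dict) -> bool:
    """All keys of a selection must match; a list of values is an OR."""
    for key, wanted in selection.items():
        field, _, modifier = key.partition("|")
        path = field_map.get(field)
        if path is None:                 # field not mapped for this event ID: cannot match
            return False
        candidates = wanted if isinstance(wanted, list) else [wanted]
        if not any(value_matches(get_path(record, path), w, modifier) for w in candidates):
            return False
    return True


def rule_matches(record: dict, rule: dict, mapping: dict) -> bool:
    """Apply a rule only to event IDs mapped to its log-source category."""
    section = mapping.get(get_path(record, "Event.System.EventID"))
    if section is None or section["category"] != rule["logsource"]["category"]:
        return False
    detection = rule["detection"]
    results = {name: selection_matches(record, sel, section["fields"])
               for name, sel in detection.items() if name != "condition"}
    for term in detection["condition"].split(" and "):
        negate = term.startswith("not ")
        name = term[4:] if negate else term
        if results[name] == negate:      # plain term failed, or negated term matched
            return False
    return True


def hunt(events, rules, mapping):
    """Run every rule over every record; return (rule title, event ID, record index)."""
    return [(rule["title"], get_path(rec, "Event.System.EventID"), i)
            for i, rec in enumerate(events) for rule in rules if rule_matches(rec, rule, mapping)]


if __name__ == "__main__":
    for title, event_id, index in hunt(EVENTS, [RULE], MAPPING):
        print(f"{title}: event {event_id}, record {index}")
```

Record 1 is dropped by the filter because its user is a machine account, and record 4 is never evaluated because event 4624 is mapped to a different category; adding support for a new event ID means adding a mapping entry, not changing the rule.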

Examples

Searching
Help Output:


Command Examples

Search all .evtx files in the evtx_files dir for event id 4624
./chainsaw search ~/Downloads/evtx_files/ -e 4624

Search a specific evtx log for logon events containing the string "bob" (case insensitive)
./chainsaw search ~/Downloads/evtx_files/security.evtx -e 4624 -s "bob" -i

Search a specific evtx log for logon events, with a matching regex pattern. Save results to file
./chainsaw search ~/Downloads/evtx_files/security.evtx -e 4624 -r "bob[a-zA-Z]" -o out.txt
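The three search commands above combine an event-ID filter with a case-sensitive or case-insensitive string match or a regex. The following added example (illustrative code, not Chainsaw's implementation) shows the same semantics over constructed records: every scalar in the nested record is searched, so a match is not tied to a particular field. That all supplied criteria must hold at once is an assumption made here.

```python
"""Added example: event-ID, string and regex search over EVTX-style records (not Chainsaw's code)."""
import re
from typing import Any, Iterator

# Constructed records; field layout mirrors an EVTX-to-JSON conversion.
RECORDS = [
    {"Event": {"System": {"EventID": 4624, "Computer": "WS01"},
               "EventData": {"TargetUserName": "BOB", "LogonType": "2"}}},
    {"Event": {"System": {"EventID": 4624, "Computer": "WS01"},
               "EventData": {"TargetUserName": "bobby", "LogonType": "10"}}},
    {"Event": {"System": {"EventID": 4624, "Computer": "WS02"},
               "EventData": {"TargetUserName": "alice", "LogonType": "3"}}},
    {"Event": {"System": {"EventID": 4672, "Computer": "WS01"},
               "EventData": {"SubjectUserName": "bob"}}},
]


def leaves(node: Any) -> Iterator[str]:
    """Yield every scalar in a nested record as text, so the search is field-agnostic."""
    if isinstance(node, dict):
        for value in node.values():
            yield from leaves(value)
    elif isinstance(node, list):
        for value in node:
            yield from leaves(value)
    else:
        yield str(node)


def search(records, event_id=None, string=None, ignore_case=False, regex=None):
    """Return indices of records satisfying all given criteria.

    event_id ~ -e, string ~ -s, ignore_case ~ -i, regex ~ -r in the commands above.
    """
    pattern = re.compile(regex, re.IGNORECASE if ignore_case else 0) if regex else None
    needle = string.lower() if (string and ignore_case) else string
    hits = []
    for index, record in enumerate(records):
        if event_id is not None and record["Event"]["System"]["EventID"] != event_id:
            continue
        values = list(leaves(record))
        if needle is not None:
            haystack = [v.lower() for v in values] if ignore_case else values
            if not any(needle in v for v in haystack):
                continue
        if pattern is not None and not any(pattern.search(v) for v in values):
            continue
        hits.append(index)
    return hits


if __name__ == "__main__":
    print("4624 + 'bob' (case-insensitive):", search(RECORDS, 4624, "bob", ignore_case=True))
    print("4624 + regex bob[a-zA-Z]:", search(RECORDS, 4624, regex="bob[a-zA-Z]"))
```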

Hunting
Help Output:


Command Examples
Hunt through all event logs in a specific path, show additional information relating to potential lateral movement, and save results to individual CSV files


Hunt through all event logs in a specific path, apply detection logic and TAU rules from the specified path



Changes
v1.1.6
clean: updating README file by @FranticTyping in #65
feat: add in output command as requested for #60 by @fscc-alexkornitzer in #64





This download is for the Windows version. All other download assets are below:


MacOS:
chainsaw_x86_64-apple-darwin.zip

Linux:
chainsaw_x86_64-unknown-linux-gnu.tar.gz
chainsaw_x86_64-unknown-linux-musl.tar.gz





Downloads: 800
Views: 1,385
Developer: F-Secure Countercept
Last Update: Feb 27, 2022 - 11:09
Version: 1.1.6
Size: 4.84MB
Type: ZIP
Rank: 5/5, out of 10 Votes.
File Tags: Chainsaw, v1.1.6
      
OlderGeeks.com Copyright (c) 2022