
A mid-year review


The idea of DFIR-IRIS was born in 2019 within the commercial CSIRT of Airbus CyberSecurity in France.

Following the struggle to share technical details during engagements, and after testing multiple existing tools, we figured a custom solution might be needed to fit the team's needs. Consequently the very first draft of DFIR-IRIS was born, developed by two of the team members.

Long story short, the tool slowly evolved and improved over time, to the rhythm of the incidents. From a single-user, single-page application, it slowly became the multi-user, multi-purpose web application better known today.

Then came the end of 2020, when one of the two core members left the company, along with the very first mention of releasing DFIR-IRIS as open source. A year later, with some long coding hours behind the scenes, the project was finally released in December 2021 with the agreement and support of Airbus CyberSecurity.

While the project was far from perfect, we favored the Release Early, Release Often approach to quickly drive it to a more mature and stable state.

Since then, we have seen a growing interest in the project, a great evolution for the short time it has been published, and a definite place for it in the open source community.

As of this article, more than 800 commits have been added, 21k lines of code written, 14k deleted, 63 issues raised, 48 pull requests submitted and 8 versions released in less than six months. We added new features along the way such as timeline visualizations, sharing links, hooks, processing modules, VT and MISP integrations in beta, you name it. We also greatly improved stability and reduced bugs while making the platform quicker and more efficient. And we'd definitely like to thank the community for helping us achieve this.

Looking forward, we are currently assessing the best options to keep the project going in the right direction and prevent any unfortunate slippage. Motivated by how things have gone so far, we wish to make the project thrive and evolve in the long run with the help of the community. We have buckets of ideas, and we can't wait to share them.

Happy DFIR
@whitekernel & @ekto
