Security firm Fox-IT has made Dissect open source. The tool automates incident response workflows. Fox-IT is publishing the source code in hopes of convincing other security companies to use and expand the tool.

Dissect bundles several tools into a single environment. The environment consists of so-called parsers for disk analysis, tools for tracking Windows log events and solutions for containers, file systems, operating systems and volumes. In addition, plug-ins can be installed for examining various systems, including browser histories.


Dissect helps automate investigations of cyberattacks such as ransomware. According to Fox-IT, the open-source and commercial tools currently available for this purpose do not meet the requirements, especially when it comes to speed. The security firm has therefore decided to publish the source code of its own solution.

The solution helps map networks during so-called advanced persistent threat (APT) attacks. When responding to APT attacks, defenders must remain invisible to attackers through a forensic copy of the entire network environment. This can be a time-consuming and considerable problem for large companies. Dissect automates workflows to analyze complex networks in a matter of hours, allowing security professionals to act faster.


The source code and associated documentation of Dissect are now available on GitHub. By making publishing the code, Fox-IT hopes to convince other security companies to use and improve the solution.

Tip: Security industry launches OCSF, open framework for security data