What is IREC?

IREC is an all-in-one Evidence Collector which lets you collect critical evidence from a live system with a single mouse click.

Advantages

  • Complete. Collects RAM Image, $MFT as CSV, Event Logs, Hibernation Info, DNS Cache and much more.
  • Portable. No installation required.
  • Compatible. Supports all 32-bit and 64-bit Windows versions starting from XP.
  • User Friendly. Creates easy-to-share HTML and JSON reports.
  • Lightning Fast. It collects them all in a few minutes!
  • Scriptable. Supports YARA with IR-oriented modules.

Please fill in the form to download IREC Free Edition. The download link will be sent to your e-mail.


Download “IREC Free Edition” IREC.exe – 10,5 MB

Version 1.5.4 (Release History)

Released on September 30th, 2018

  • Highly optimized performance
  • Highly optimized memory footprint
  • Added YARA for memory (TACTICAL Feature)
  • Added YARA for file system (TACTICAL Feature)
  • Added hash calculation (TACTICAL Feature)
  • Added encrypted drive detection (TACTICAL Feature)
  • Added example rules to RuleSet
  • Changed MFT date-time format to Excel-friendly yyyy-mm-dd hh:mm:ss
  • Updated prefetch filetimes to original files on disk
  • Removed WMI Scripts enumeration from FREE Edition
