WebXplorer: Browser-Based Data Analysis Tool for DFIR

In the field of Digital Forensics & Incident Response (DFIR), having tools that allow quick browsing, filtering, grouping and sorting of data is essential, whether you’re triaging some SSL VPN logs or working through Hayabusa alerts. While I’m a big fan of Eric Zimmerman’s Timeline Explorer on Windows, I needed something cross-platform that can also work with multiple files at once.

Inspired by the powerful browser-based tool CyberChef and a colleague’s alternative frontend for Elasticsearch, I decided to create a browser-based data analysis tool for common simple formats such as CSV and JSON files.

Introducing WebXplorer.

The concept behind WebXplorer is simple: drag and drop files into the browser and begin analysis. If your data is spread across multiple files, just drag and drop additional files to append them to the existing data and WebXplorer will automatically create a new “Source” column to identify the source file. WebXplorer provides robust grouping, sorting and filtering capabilities, all processed locally in your browser.

Features

WebXplorer is still a work in progress, but it has already become my go-to tool for working with files of all sizes. I have a long list of additional features I’d like to implement, but here are some of the current features:

  • Drag and Drop: Easily import and combine multiple files.
  • Powerful Data Exploration: Group, sort, and filter data using AG Grid.
  • Local Processing: All data is processed in the browser for speed and security.
  • Progressive Web App: Install and use WebXplorer offline.
  • Fortinet CSV/Key Value Log Support: Alpha support for our favourite SSL VPN/Firewall product, Fortinet.
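
To make the append-with-"Source"-column idea and the key=value log support concrete, here is an added sketch; it is not WebXplorer's own code. The function names (parseKeyValueLine, mergeSources, groupCount) are hypothetical and the log lines are constructed samples in the Fortinet key=value style.

```javascript
// Added example (not WebXplorer's code): merge key=value logs and tag each row.

// Parse one key=value line. Values are bare (no spaces) or double-quoted.
function parseKeyValueLine(line) {
  const row = Object.create(null); // null prototype: keys come from untrusted logs
  const re = /([\w.-]+)=(?:"((?:[^"\\]|\\.)*)"|(\S*))/g;
  for (const m of line.matchAll(re)) {
    row[m[1]] = m[2] !== undefined ? m[2].replace(/\\(.)/g, "$1") : m[3];
  }
  return row;
}

// files: [{ name, text }]. Returns { columns, rows }; every row carries "Source".
function mergeSources(files) {
  const columns = ["Source"];
  const rows = [];
  for (const { name, text } of files) {
    for (const line of text.split(/\r?\n/)) {
      const row = parseKeyValueLine(line);
      const keys = Object.keys(row);
      if (keys.length === 0) continue; // blank or non key=value line
      for (const k of keys) if (!columns.includes(k)) columns.push(k);
      row.Source = name; // overwrites a log field literally named "Source"
      rows.push(row);
    }
  }
  // Fill gaps so files with different fields still form one rectangular table.
  for (const row of rows) for (const c of columns) if (!(c in row)) row[c] = "";
  return { columns, rows };
}

// Count rows per distinct value of one column, most frequent first.
function groupCount(rows, column) {
  const counts = new Map();
  for (const r of rows) counts.set(r[column], (counts.get(r[column]) || 0) + 1);
  return [...counts.entries()].sort((a, b) => b[1] - a[1]);
}

// Constructed sample input (documentation IP ranges, invented users).
const sampleFiles = [
  { name: "fw1.log", text:
    'date=2024-05-01 time=10:00:01 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.7 user="alice" msg="SSL user failed to log in"\n' +
    'date=2024-05-01 time=10:00:09 type="event" subtype="vpn" action="tunnel-up" remip=198.51.100.4 user="bob" msg="reason=\\"ok\\" tunnel established"\n' },
  { name: "fw2.log", text:
    'date=2024-05-01 time=10:01:30 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.7 user="carol" group="N/A"\n' },
];
const merged = mergeSources(sampleFiles);
console.log(merged.columns.join(","), groupCount(merged.rows, "remip"));
```

Quoted values are consumed whole, so a `key=value` pair that appears inside a `msg` field does not become its own column.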

I’d love to hear from you if you find WebXplorer useful or if you have any suggestions.

Screenshot of WebXplorer
