Next Generation DFIR Platform

The Next Generation of the DFIR

Crow Eye – The Next Generation of the DFIR. Distributed, Scalable, and Proactive. The depth of a full forensic investigation at the speed of your network.


One Platform For All

Every component of a forensic investigation, unified in a single open-source engine.

Acquisition | Crow-Claw
Precision Data Gathering & Native Image Parsing
High-speed acquisition designed to collect raw forensic artifacts with zero friction. Whether you are running live triage on an active endpoint or analyzing dead-box forensic images (E01, RAW, VHD), Crow-Eye natively parses the data directly. No third-party mounting tools or extraction drivers required—just point, parse, and hunt.
Analysis
Correlation Engine
Beyond isolated artifacts. Our engine automatically stitches events across Prefetch, Registry, and Event Logs to reveal the full narrative of system activity.
Verification
Timeline Visualization
Interactive Evidence. Verify findings through a professional, high-fidelity timeline that maps correlated artifacts onto a unified temporal grid.
Intelligence | Eye-describe
Decoding the Binary
Empowering the Next Generation of Researchers
A true forensic investigation requires more than just reading parsed output—it demands an absolute understanding of the data at its core. Eye-describe bridges the gap between raw binary structures and human intelligence. Designed specifically for advanced threat researchers and DFIR professionals, Eye-describe tears down complex Windows artifacts to their lowest binary level and translates every byte into clear, understandable context. It doesn't just tell you what the artifact says; it explains exactly how the data is structured under the hood. By demystifying the binary, Eye-describe builds the foundational knowledge base that empowers human analysts to validate findings, discover new techniques, and fuel our active AI agents.
AI Agent | Intelligence
Eye AI
Eye: The Forensics AI Assistant
Eye is a skilled Forensics Investigator with a real knowledge base of Windows forensic artifacts. Developed to automate and verify any hypotheses an investigator has, Eye is built to be a powerful assistant, not a replacement. It empowers human analysts to validate findings faster and with higher precision.

Operational security is paramount. Eye adapts to your exact threat model:
Cloud AI Models: Leverage massive compute for deep, complex threat analysis.
Offline AI Server: Run completely air-gapped for zero-exposure, strictly on-premise investigations.
CLI AI Agents: Deploy lightweight, fast-acting agents directly from your terminal for rapid triage.
eye-agent v0.10.2
Eye>Initializing forensic scan...
Eye>Analyzing Amcache entries...
Potential Execution Detected: C:\Temp\malware.exe
Eye>Correlating with ShimCache...
Match found. First execution verified at 10:42 PM.
Eye>Cross-referencing Prefetch...
Live Triage
Unified Live Parsing
Parse all 12+ forensic artifact classes from a single platform directly on live machines. No imaging required for rapid triage — just pure, real-time forensic insights.
Prefetch, Registry, Jump Lists, LNK, Event Logs, AmCache, ShimCache, ShellBags, MFT, USN Journal, Recycle Bin, SRUM
Intelligence
Dynamic Linking
Translate raw forensic artifacts (SIDs, MACs, Hashes) into human-readable context on the fly. The engine automatically extracts baseline system relationships and ingests bulk IOC threat feeds. Using high-speed, non-destructive SQL ATTACH queries, it enriches the UI natively without ever altering the original forensic evidence.
Modern DFIR | Cross-Platform
Native Execution (Windows & Linux)
Forensics doesn't happen in a vacuum. Crow-Eye is compiled to run natively across environments. Deploy lightweight agents directly on Windows endpoints for rapid live triage, or run the full correlation and AI intelligence engines on your secure Linux analysis servers. Maximum power, zero compatibility friction.
Windows
Linux

Supported Artifacts

Comprehensive parsing across every major Windows forensic artifact class.

Prefetch: Execution history, run count, timestamps (Live)
Registry: AutoRun, UserAssist, BAM, networks (Live)
Jump Lists & LNK: File access, paths, metadata (Live)
Event Logs: System, Security, Application (Live)
AmCache: Full path, install time, publisher (Live)
ShimCache: File name, path, last modified (Live)
ShellBags: Folder views, access history (Live)
MRU & RecentDocs: Typed paths, Open/Save history (Live)
MFT Parser: File metadata, deleted files (Live)
USN Journal: File create/modify/delete (Live)
Recycle Bin: Deleted names, paths, times (Live)
SRUM: App resource, network, energy (Live)

Integration & Reporting

Extending the power of Crow-Eye through seamless interoperability and high-fidelity evidence exports.

Multi-Tool Integration
Interoperability
Crow-Eye is built to be the center of your forensic ecosystem. Seamlessly export findings or ingest data from third-party parsers to maintain a unified investigation workflow without switching platforms.
Dynamic Data Ingestion
Universal Ingestion
The Correlation Engine is format-agnostic. Ingest any parser output—whether it's JSON, CSV, or SQLite—and our engine automatically transforms it into high-performance Feather databases for instant, deep-dive correlation.
Professional Reporting
Evidence Reporting
Generate high-fidelity reports in CSV, JSON, and Detailed HTML. Every report is a complete dossier, consolidating every evidence artifact related to your search terms into a single, verifiable document.

Contribute & Develop

We expect active builders, not passive users.

In the constantly shifting landscape of cybersecurity, no single tool is perfect, and every analytical approach has its blind spots. That is exactly why we must continuously harden our defenses and refine our methods. Crow-Eye is an evolving ecosystem, and its true strength comes from the people who push it to its limits.

We don't just want you to use Crow-Eye — we want you to help build it. Whether you have uncovered a bug, conceptualized a new feature, or have a critical enhancement for our parsing engine, your input drives the next generation of this platform forward.

Spot an issue or have a vision for an upgrade? Don't hold back. Pitch your enhancements, report bugs, and share your architectural ideas directly with our core team.

Join the build: contribution@Crow-Eye.com

Experience Eye Describe

Interactive forensic visualizations powered by the Eye Describe binary-level artifact explainer.

Crow-Eye Sentinel

Distributed, Scalable, and Secure. Transform Crow-Eye into a centralized forensic powerhouse across thousands of endpoints. Zero-exposure RAM-first encryption, zstd compression, and WingVision telemetry.


Support & Assistance

Facing a critical roadblock or an urgent technical issue? Our support team is ready to assist you.

Urgent Technical Support

Direct access to our core development team for resolving complex forensic engine failures or critical data acquisition errors.

support@crow-eye.com

Fast-Track Resolution

To solve your issue as fast as possible, please provide the related diagnostic logs and a brief description of the system state at the time of the error.

System Logs Required Diagnostic Data

Privacy Policy

Crow-Eye is a forensic investigation engine designed with a strong commitment to user privacy.

The Crow-Eye engine

The Crow-Eye forensic engine collects no data about its users or their activities. All analysis, data processing, and case management are performed locally on your machine. No forensic artifacts, case data, personal information, or usage statistics are transmitted to us or any third party. Your investigations remain entirely private and on your system.

Website & download verification

To download the Windows build, we ask you to verify your email address. During this step we collect the details you enter — your full name, work email, company or organization, role, and purpose of use — along with your IP address and browser user-agent, which we use to prevent automated abuse. We use this information only to confirm your email, provide access to the download, and occasionally send important product and security updates. This data is stored securely in a Cloudflare D1 database, and the one-time verification code is delivered through our email provider, Resend. We do not sell your information or share it for advertising.

Bot protection (Cloudflare Turnstile)

The download form is protected from automated abuse by Cloudflare Turnstile, which runs in invisible mode — there is no puzzle or visible challenge. Your use of Turnstile is subject to Cloudflare's Privacy Policy and Turnstile Privacy Addendum.

Your rights

You can ask us to access or delete the information you provided at any time — just email support@crow-eye.com. Our focus remains a powerful, transparent, and secure engine for forensic analysis, without compromising the privacy of our users.