The BIRT Project

The Collaborative Forensics Platform

Welcome to The BIRT Project. Our goal is to support incident responders by providing them with effective tools that exceed their needs. As a 100% bootstrapped project, we are motivated by our extensive experience in cybersecurity and a deep understanding of the challenges faced in incident response. We recognize the need for quick and accurate responses in the face of today's changing threats.
Download the Free Beta Today!
The Beta application will load a demo investigation based on data from the detection-hackathon-apt29 GitHub repo. That repo has been forked and the separated data can be found here. Documentation is found on the ribbon menu to the left of the application UI and can be downloaded as a PDF. Unlocked evaluation licenses are available upon request.
Installer size: 156,792,736 bytes (149 MB)
Download Installer

docker pull thebirtproject/birt-beta:
docker run -it -p -p thebirtproject/birt-beta:

Browse to
Credentials: u: admin, p: admin
Large language model (LLM) integration provides easy access to a wealth of knowledge and can summarize individual events, groups of evidence, and whole investigations. This feature simplifies the complex analysis process, enabling users to quickly grasp the core details of the incident. Whether for technical teams needing in-depth analysis or management requiring executive summaries, BIRT ensures that all stakeholders receive the information most relevant to them.
It's time to retire the 'spreadsheet of doom'. BIRT desktop edition is designed for quick deployment, centralizing and streamlining the organization and processing of investigation evidence. Events and evidence are automatically organized into incident timelines and hierarchies, simplifying evidence management. The platform features a user-friendly interface that streamlines the evidence review process, enabling security teams to quickly navigate and analyze data effectively.
BIRT's advanced features automate time-consuming tasks such as artifact correlation and ATT&CK pattern recognition. This results in faster incident identification, reduced mean time to remediate (MTTR), and real-time comprehensive reporting.
BIRT seamlessly incorporates the industry-standard MITRE ATT&CK Framework taxonomy. This integration ensures consistent data structure, analysis, and reporting, resulting in faster insights into the attacker's intent while providing clear messaging to all stakeholders.
BIRT recognizes and parses artifacts, breaking them down into discrete events that are placed on an endpoint timeline. Normalizing and fusing the disparate data sources into one view gives an investigator the situational awareness needed to understand today's complex intrusions.