Skip to content

ADFT v1.0.0 - Initial public release

Choose a tag to compare

View all tags
@Kjean13 Kjean13 released this 16 Mar 04:20
· 13 commits to main since this release
v1.0.0
90eff60

ADFT v1.0.0

Initial public release of ADFT - Active Directory Forensic Toolkit.

ADFT is an offline investigation toolkit focused on Active Directory / Windows security events, designed to help analysts ingest logs, normalize events, detect suspicious activity, correlate signals, reconstruct attack paths, generate reports, and review findings through both a CLI and an integrated GUI.

Highlights

  • Offline investigation workflow for Windows / AD / SIEM-oriented datasets
  • EVTX support through python-evtx
  • Deterministic detection engine with rulepack v1
  • Correlation and reconstruction pipeline
  • Reporting exports in HTML / JSON / CSV
  • Integrity and validation artifacts
  • Interactive GUI with:
    • bilingual FR / EN switch
    • graph exploration
    • fullscreen graph mode
    • benchmark view
    • refresh support
  • Included demo dataset for product validation and demonstration

Packaging

  • Official installation path via install_adft.sh
  • pyproject.toml as packaging source of truth
  • requirements-dev.txt reserved for development and testing
  • Prebuilt packaged GUI included in adft/webui_dist

Validation status

Release validation completed on the packaged build:

  • installation OK
  • CLI investigation OK
  • GUI launch OK
  • EVTX dependency OK
  • demo dataset processing OK

Notes

This release is intended for:

  • lab usage
  • demonstrations
  • early community feedback

License: MIT

Assets 2
Loading