WithSecureLabs/chainsaw — reverse-engineered prompt

Reverse engineered prompt


Build me a fast command line tool for incident response on Windows forensic files. I want to point it at a folder of Windows Event Logs or other common artefacts like the MFT, registry hives, ESE databases, Shimcache, Amcache, and SRUM, and have it quickly search for keywords or regular expressions, hunt for suspicious activity with Sigma rules plus some built-in detection rules, and show clean results in a readable table with options for CSV or JSON output.

It should also build simple execution timelines from Shimcache enriched with Amcache data, surface useful SRUM insights, detect gaps in event logs, and dump raw contents when needed. Make it run on Windows, macOS, and Linux, keep it lightweight and fast, and include sensible field mappings and sample rules for common security events like process creation, remote logins, user creation, log clearing, stopped logging services, and brute-force attempts. If anything is unclear, look up the current docs and examples online and make it feel polished and practical for real investigations.
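As an added illustration of the mechanics the two paragraphs above ask for, here is a small Python sketch written for this page. It is not Chainsaw's code and does not describe Chainsaw's internals: a field mapping translates Sigma-style field names onto an EVTX-to-JSON-like document, a toy evaluator applies a few Sigma value modifiers, an aggregation flags brute-force logon failures, and a timestamp check reports gaps between consecutive records. The event records, the mapping format and the rules are all constructed for the example; the mapping schema in particular is a simplification and not Chainsaw's own mapping file format.

```python
"""Added example: a toy Sigma-style hunt, brute-force check and log-gap check.

Illustration code written for this page, not Chainsaw's source. The mapping
format, rules and event records below are constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events in an EVTX-to-JSON-like shape (not real log data).
SEC = "Microsoft-Windows-Security-Auditing"
EVENTS = [
    {"System": {"Provider": SEC, "EventID": 4688, "TimeCreated": "2024-03-01T09:00:00Z", "EventRecordID": 101},
     "EventData": {"NewProcessName": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c whoami"}},
    {"System": {"Provider": SEC, "EventID": 4688, "TimeCreated": "2024-03-01T09:05:00Z", "EventRecordID": 102},
     "EventData": {"NewProcessName": r"C:\Users\bob\mimikatz.exe",
                   "CommandLine": "mimikatz.exe sekurlsa::logonpasswords"}},
    # Four failed logons (4625) from one source address within four minutes.
    *[{"System": {"Provider": SEC, "EventID": 4625, "TimeCreated": f"2024-03-01T09:1{i}:00Z",
                  "EventRecordID": 103 + i},
       "EventData": {"TargetUserName": "administrator", "IpAddress": "10.0.0.5"}} for i in range(4)],
    {"System": {"Provider": "Microsoft-Windows-Eventlog", "EventID": 1102,
                "TimeCreated": "2024-03-03T12:00:00Z", "EventRecordID": 107},
     "EventData": {"SubjectUserName": "bob"}},
]

# Simplified mapping (an assumption, not Chainsaw's schema): for each Sigma logsource,
# which events it applies to and where each Sigma field lives in the document.
MAPPINGS = {
    "process_creation": {"filter": {"System.EventID": 4688},
                         "fields": {"Image": "EventData.NewProcessName", "CommandLine": "EventData.CommandLine"}},
    "security": {"filter": {},
                 "fields": {"EventID": "System.EventID", "TargetUserName": "EventData.TargetUserName"}},
}

# Constructed Sigma-like rules; only "condition: selection" is supported here.
RULES = [
    {"title": "Mimikatz execution", "logsource": "process_creation",
     "detection": {"selection": {"Image|endswith": "mimikatz.exe"}, "condition": "selection"}},
    {"title": "Recon via whoami", "logsource": "process_creation",
     "detection": {"selection": {"CommandLine|contains": "whoami"}, "condition": "selection"}},
    {"title": "Security log cleared", "logsource": "security",
     "detection": {"selection": {"EventID": 1102}, "condition": "selection"}},
]

MODIFIERS = {  # subset of Sigma value modifiers; string matches are case-insensitive as in Sigma
    "": lambda v, x: v == x,
    "contains": lambda v, x: isinstance(v, str) and x.lower() in v.lower(),
    "endswith": lambda v, x: isinstance(v, str) and v.lower().endswith(x.lower()),
    "re": lambda v, x: isinstance(v, str) and re.search(x, v) is not None,
}


def get_path(doc, path):
    """Walk a dotted path ('System.EventID') through nested dicts; None if absent."""
    for key in path.split("."):
        doc = doc.get(key) if isinstance(doc, dict) else None
    return doc


def matches(rule, event):
    """Apply the logsource filter, then every selection field via its mapped path."""
    mapping = MAPPINGS[rule["logsource"]]
    if any(get_path(event, p) != v for p, v in mapping["filter"].items()):
        return False
    det = rule["detection"]
    if det["condition"] != "selection":
        raise ValueError("toy evaluator only supports 'condition: selection'")
    for key, expected in det["selection"].items():
        field, _, mod = key.partition("|")
        value = get_path(event, mapping["fields"][field])  # KeyError here means the mapping is incomplete
        wanted = expected if isinstance(expected, list) else [expected]  # a list of values is an OR in Sigma
        if not any(MODIFIERS[mod](value, x) for x in wanted):
            return False
    return True


def hunt(events, rules):
    """Return (rule title, EventRecordID) for every rule/event pair that matches."""
    return [(r["title"], e["System"]["EventRecordID"]) for e in events for r in rules if matches(r, e)]


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def brute_force(events, threshold=3, window=timedelta(minutes=5)):
    """Source addresses with at least `threshold` failed logons (4625) inside any `window`."""
    by_src = defaultdict(list)
    for e in events:
        if e["System"]["EventID"] == 4625:
            by_src[e["EventData"]["IpAddress"]].append(parse_ts(e["System"]["TimeCreated"]))
    hits = []
    for src, times in by_src.items():
        times.sort()
        if any(times[i + threshold - 1] - times[i] <= window for i in range(len(times) - threshold + 1)):
            hits.append(src)
    return hits


def log_gaps(events, max_gap=timedelta(hours=24)):
    """Consecutive records (ordered by EventRecordID) whose timestamps are more than max_gap apart."""
    ordered = sorted(events, key=lambda e: e["System"]["EventRecordID"])
    gaps = []
    for prev, cur in zip(ordered, ordered[1:]):
        delta = parse_ts(cur["System"]["TimeCreated"]) - parse_ts(prev["System"]["TimeCreated"])
        if delta > max_gap:
            gaps.append((prev["System"]["EventRecordID"], cur["System"]["EventRecordID"], delta))
    return gaps


if __name__ == "__main__":
    for title, rec in hunt(EVENTS, RULES):
        print(f"{rec:>6}  {title}")
    print("brute force sources:", brute_force(EVENTS))
    for a, b, d in log_gaps(EVENTS):
        print(f"gap of {d} between records {a} and {b}")
```

The mapping layer is the part worth studying: a Sigma rule names fields such as `Image` and `CommandLine`, but a raw Security 4688 record carries `NewProcessName` and `CommandLine` under `EventData`, so a hunt that skips the logsource filter or the field translation will either miss real hits or match the wrong event type. The gap check is deliberately naive (wall-clock distance between neighbouring record IDs) and will also fire on a host that was simply powered off, so treat its output as a prompt to look closer, not as proof of tampering.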
