FLARE VM: a Windows-based security distribution for malware analysis, incident response and…

A fully configured platform with open source tools

FLARE VM is a freely available, open-source Windows-based security distribution for reverse engineering, malware analysis, incident response, forensic analysis, and penetration testing.

FLARE VM delivers a fully configured platform with a comprehensive collection of Windows security tools such as debuggers, disassemblers, decompilers, static and dynamic analysis utilities, network analysis and manipulation, web assessment, exploitation, vulnerability assessment applications, and many others.

Installed Tools


Debuggers

  • OllyDbg + OllyDump + OllyDumpEx
  • OllyDbg2 + OllyDumpEx
  • x64dbg
  • WinDbg


Disassemblers

  • IDA Free
  • Binary Ninja Demo


Java

  • JD-GUI

Visual Basic

  • VBDecompiler


Flash

  • FFDec


.NET

  • ILSpy
  • DNSpy
  • DotPeek
  • De4dot


Office

  • Offvis

Hex Editors

  • FileInsight
  • HxD
  • 010 Editor


PE

  • PEiD
  • ExplorerSuite (CFF Explorer)
  • PEview
  • DIE

Text Editors

  • SublimeText3
  • Notepad++
  • Vim


Utilities

  • MD5
  • 7zip
  • Putty
  • Wireshark
  • RawCap
  • Wget
  • UPX
  • Sysinternals Suite
  • API Monitor
  • SpyStudio
  • Checksum
  • Unxutils

Python, Modules, Tools

  • Python 2.7
  • Hexdump
  • PEFile
  • Winappdbg
  • FakeNet-NG
  • Vivisect
  • PyCrypto
  • Cryptography


Other

  • VC Redistributable Modules (2008, 2010, 2012, 2013)


Create and configure a new Windows 7 or newer Virtual Machine (my suggestion: get it from https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/).

The installation script is a Boxstarter script that deploys the FLARE VM configuration and a collection of Chocolatey packages.

The easiest way to run the script is to use Boxstarter’s web installer as follows:

  1. On the newly created VM, open the following URL in Internet Explorer (other browsers are not going to work):


where FLAREVM_SCRIPT is a path or URL to the respective FLARE VM script. For example, to install the malware analysis edition:


or if you have downloaded and copied the installation script to the local C drive:


  1. Copy install.bat and flarevm_malware.ps1 to the newly created VM and execute install.bat.

More information and downloads


