// for investigators
1199 browser-only forensics tools, organized for people who actually run investigations. nothing uploads. nothing phones home. your evidence stays on your device.
- business email compromise (BEC)vendor impersonation · payroll redirect · wire fraud · spoofed reply chains. evidence is almost always email headers, mailbox rules, and login telemetry.17 tools
- pig butchering / long-con investment scamweeks-to-months of chat grooming → fake crypto exchange → drained wallet. evidence spans messaging apps, crypto wallets, and screenshots.16 tools
- ransomware responseencryption onset → lateral movement → exfil → ransom note. the first 48 hours are about scoping, finding patient-zero, and preserving evidence before the actor wipes logs.18 tools
- stalkerware sweep (mobile)covertly installed monitoring apps on a personal phone. iOS + android are very different surfaces: hidden config profiles + pairing records on iOS, sideloaded APKs + accessibility-abuse on android.16 tools
- intimate partner violence — tech trailfor DV advocates: documenting tech-based abuse — shared accounts, tracking, covert recording, social-media impersonation. evidence has to hold up for protective orders.16 tools
- election integrity investigationvoter-roll tampering, e-pollbook artifacts, ballot-image chain of custody, election-night messaging spoofing, foreign-influence pattern surfacing.15 tools
- account takeover (ATO)credential stuffing → SIM swap → password reset chain → exfil. evidence lives in identity-provider logs, mailbox rules, and session artifacts.16 tools
- crypto theft / wallet drainapprove-for-all phishing, sweeper bots, malicious dapps, drained hot wallets. evidence is a tx graph + the malicious contract bytecode + browser history.16 tools