[{"slug":"aviation","label":"aviation / ACARS / flight data","shortLabel":"aviation","priority":"H","description":"ACARS messages, flight-data recorder dumps, EFB tablets, ADS-B replay, dispatch-comm investigation. very few vendors, very specific formats.","primaryToolSlugs":["flightaware-adsb-replay-export-forensic-analyzer","flightradar24-track-export-forensic-analyzer","boeing-737-fdr-frame-decoder","acars-message-log-forensic-analyzer","efb-foreflight-track-log-forensic-analyzer","adsb-spoofing-detection-from-receiver","adsb-vs-radar-divergence-detector","cockpit-voice-recorder-metadata-forensic-extractor"],"secondaryToolSlugs":["ntsb-exhibit-package-forensic-parser","case-report-generator","gis-track-forensics","satcom-acars-decoded-frame-parser","vhf-acars-decoded-frame-parser","evidence-manifest-generator","chain-of-custody-gap-detector","incident-timeline-builder","gnss-spoofing-jamming-artifact-detector","drone-flight-log-analyzer"]},{"slug":"maritime","label":"maritime / AIS / vessel tracking","shortLabel":"maritime","priority":"H","description":"AIS message forensics, voyage data recorder dumps, ECDIS chart artifacts, port-call records. core to insurance-fraud and sanctions-evasion casework.","primaryToolSlugs":["marinetraffic-ais-export-forensic-analyzer","vesselfinder-vessel-track-export-forensic-analyzer","spire-maritime-ais-csv-forensic-analyzer","port-state-control-inspection-log-forensic-analyzer","vdr-furuno-extraction-forensic-parser","ecdis-route-history-forensic-analyzer","ais-spoofing-detection-from-receiver","ship-to-ship-transfer-detection-from-ais","vessel-ownership-obfuscation-chain-detector"],"secondaryToolSlugs":["case-report-generator","ais-broadcast-log-forensic-analyzer","gis-track-forensics","evidence-manifest-generator","incident-timeline-builder","multi-artifact-correlator"]},{"slug":"rail","label":"rail / locomotive event recorder","shortLabel":"rail","priority":"L","description":"locomotive event recorders, PTC logs, dispatcher comms, signal-system audit trails. extremely small open-tooling footprint.","primaryToolSlugs":["gis-track-forensics","case-report-generator"],"secondaryToolSlugs":["incident-timeline-builder","evidence-manifest-generator"]},{"slug":"casino","label":"casino / slot machine / Title 31","shortLabel":"casino","priority":"L","description":"slot machine event logs, table-management system extracts, surveillance correlation, Title 31 / SAR thresholds. proprietary, vendor-locked formats.","primaryToolSlugs":["case-report-generator","log-correlation-engine","log-authenticity-scorer"],"secondaryToolSlugs":["log-gap-analyzer","log-ingestion-gap-detector","incident-timeline-builder"]},{"slug":"healthcare","label":"healthcare / DICOM / EHR audit","shortLabel":"healthcare","priority":"M","description":"DICOM metadata, HL7 audit trails, EHR access logs, HIPAA breach notification scoping. PHI sensitivity demands strict chain-of-custody.","primaryToolSlugs":["dicom-metadata-forensics","access-database-forensics","data-access-anomaly-detector","user-behavior-baseline-profiler","log-authenticity-scorer","redaction-quality-verifier","chain-of-custody-gap-detector","case-report-generator"],"secondaryToolSlugs":["log-gap-analyzer","log-ingestion-gap-detector","office365-audit-log-analyzer","hipaa-break-glass-access-log-forensic-analyzer","meditech-expanse-audit-log-forensic-analyzer","evidence-manifest-generator"]},{"slug":"healthcare-clinical","label":"healthcare clinical device expansion","shortLabel":"clinical","priority":"H","description":"bedside devices + clinical systems beyond core HL7/FHIR — Meditech Expanse · infusion pump tamper · insulin pump sessions · IntelliVue alarms · ventilator/dialysis · UDI device trace · LIS orders · patient portal · break-glass access · telehealth · dental PMS exports.","primaryToolSlugs":["meditech-expanse-audit-log-forensic-analyzer","insulin-pump-log-forensic-analyzer","medical-device-udi-tracking-log-forensic-analyzer","hipaa-break-glass-access-log-forensic-analyzer","ehr-patient-portal-access-log-forensic-analyzer","lab-lis-order-result-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["philips-intellivue-monitor-alarm-log-forensic-analyzer","ventilator-therapy-session-log-forensic-analyzer","dialysis-machine-session-log-forensic-analyzer","log-authenticity-scorer","log-gap-analyzer","chain-of-custody-gap-detector","telehealth-video-session-artifact-forensic-analyzer","dental-practice-management-export-forensic-analyzer","evidence-manifest-generator"]},{"slug":"post-quantum-crypto","label":"post-quantum cryptography forensics","shortLabel":"PQC","priority":"H","description":"NIST ML-KEM/ML-DSA/SLH-DSA artifacts + hybrid migration traces — TLS/SSH/IPsec PQC negotiation · X509 chain migration · XMSS/LMS stateful signatures · liboqs benchmarks · Signal PQXDH sessions.","primaryToolSlugs":["ml-kem-key-metadata-forensic-analyzer","hybrid-pqc-tls-handshake-forensic-analyzer","pqc-x509-certificate-chain-migration-detector","ssh-post-quantum-kex-negotiation-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["ml-dsa-signature-artifact-forensic-analyzer","slh-dsa-signature-log-forensic-analyzer","xmss-lms-stateful-hash-signature-forensic-analyzer","ipsec-post-quantum-transform-log-forensic-analyzer","signal-protocol-pqxdh-session-forensic-analyzer","liboqs-pqc-benchmark-log-forensic-analyzer","evidence-manifest-generator"]},{"slug":"legal-ediscovery","label":"legal / eDiscovery / litigation hold","shortLabel":"eDiscovery","priority":"H","description":"load-file QC · Bates stamping · privilege logs · redaction burn verification · family preservation · Relativity/Concordance validators — production-side tooling that runs locally on exports you already pulled.","primaryToolSlugs":["relativity-edrm-load-file-validator","concordance-load-file-validator","bates-cross-reference-validator","production-load-file-qc-scorer","redaction-burn-verifier","privilege-log-auto-drafter","case-report-generator"],"secondaryToolSlugs":["family-relationship-preservation-validator","deduplication-verification-tool","custodian-holds-tracker-with-acknowledgments","email-thread-reconstructor","redaction-quality-verifier","chain-of-custody-gap-detector","nuix-workstation-case-export-forensic-analyzer","forensic-platform-case-correlation-merge-tool","evidence-manifest-generator"]},{"slug":"forensic-platform-exports","label":"forensic platform case exports","shortLabel":"platform","priority":"H","description":"Nuix · EnCase · Autopsy · Volatility · Paladin · AXIOM Cyber · Sleuth Kit · AD1 · BlackLight/Macquisition native case/database exports — parse suite artifacts + merge custodian/hash overlap across platforms.","primaryToolSlugs":["nuix-workstation-case-export-forensic-analyzer","encase-ex01-evidence-file-forensic-analyzer","autopsy-case-database-forensic-analyzer","forensic-platform-case-correlation-merge-tool","case-report-generator"],"secondaryToolSlugs":["volatility-memory-dump-metadata-forensic-analyzer","paladin-forensic-suite-export-forensic-analyzer","axiom-cyber-cloud-artifact-export-analyzer","sleuth-kit-filesystem-artifact-timeline-extractor","ad1-logical-evidence-file-forensic-analyzer","blacklight-macquisition-image-forensic-analyzer","evidence-manifest-generator"]},{"slug":"drm-content-protection","label":"DRM / content protection forensics","shortLabel":"DRM","priority":"H","description":"Widevine · FairPlay · PlayReady · HDCP · browser EME sessions · Apple FPS · Android MediaDrm · Chromecast DRM — parse license chains + keybox artifacts + renewal anomalies locally.","primaryToolSlugs":["widevine-license-request-forensic-analyzer","playready-license-chain-forensic-analyzer","eme-browser-media-key-session-forensic-analyzer","drm-license-renewal-anomaly-detector","case-report-generator"],"secondaryToolSlugs":["widevine-keybox-artifact-forensic-extractor","fairplay-streaming-key-artifact-forensic-analyzer","hdcp-handshake-log-forensic-analyzer","apple-fps-streaming-artifact-forensic-extractor","android-mediadrm-session-forensic-analyzer","chromecast-widevine-drm-session-forensic-analyzer","evidence-manifest-generator"]},{"slug":"biometric-auth","label":"biometric authentication forensics","shortLabel":"biometric","priority":"H","description":"Face ID · Touch ID · Windows Hello · macOS Secure Enclave · Samsung Pass · voice/iris enrollment · spoof/liveness bypass detection · multi-modal auth timeline correlation.","primaryToolSlugs":["ios-face-id-enrollment-artifact-forensic-analyzer","android-biometric-prompt-session-forensic-analyzer","windows-hello-biometric-log-forensic-analyzer","multi-modal-biometric-auth-timeline-correlator","case-report-generator"],"secondaryToolSlugs":["ios-touch-id-template-metadata-forensic-extractor","macos-touch-id-secure-enclave-event-forensic-analyzer","samsung-pass-biometric-vault-forensic-analyzer","biometric-spoof-liveness-bypass-artifact-detector","voice-biometric-enrollment-artifact-forensic-analyzer","iris-recognition-template-metadata-forensic-analyzer","evidence-manifest-generator"]},{"slug":"ransomware-leak-site","label":"ransomware / leak site forensics","shortLabel":"ransomware","priority":"H","description":"negotiation chat logs · victim portals · double-extortion leak posts · onion service metadata · ransom note clustering · staging timeline correlation · affiliate rebrand detection · payment channel traces · Tor callbacks · exfil manifests.","primaryToolSlugs":["ransomware-negotiation-chat-log-forensic-analyzer","double-extortion-leak-site-post-forensic-analyzer","ransomware-initial-access-staging-timeline-correlator","ransomware-data-exfil-manifest-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["ransomware-victim-portal-access-log-forensic-analyzer","leak-site-onion-service-metadata-forensic-extractor","ransom-note-variant-cluster-forensic-analyzer","ransomware-group-affiliate-switch-detector","ransomware-payment-channel-trace-forensic-analyzer","ransomware-tor-callback-artifact-forensic-extractor","evidence-manifest-generator"]},{"slug":"browser-extension","label":"browser extension forensics","shortLabel":"extensions","priority":"H","description":"Chrome manifest permissions · Firefox XPI · Safari web extensions · Edge sideload policy · MV3 service worker logs · password-manager vault exports · ad-blocker filter lists · crypto wallet extension storage · content script injection · cross-profile correlation.","primaryToolSlugs":["chrome-extension-manifest-permission-forensic-analyzer","browser-extension-service-worker-log-forensic-analyzer","browser-extension-cross-profile-correlator","password-manager-extension-vault-forensic-extractor","case-report-generator"],"secondaryToolSlugs":["firefox-addon-xpi-artifact-forensic-extractor","safari-web-extension-artifact-forensic-analyzer","edge-extension-side-load-artifact-forensic-analyzer","crypto-wallet-browser-extension-artifact-forensic-extractor","browser-extension-content-script-injection-forensic-analyzer","ad-blocker-extension-filter-list-forensic-analyzer","evidence-manifest-generator"]},{"slug":"email-security-gateway","label":"email security gateway forensics","shortLabel":"email gateway","priority":"H","description":"Proofpoint TAP · Mimecast tracking · Barracuda ESS · Microsoft Defender for Office 365 message trace · Cisco ESA · Forcepoint ESG · secure link rewrite chains · phishing kit landing pages · BEC impersonation threads · quarantine release audits.","primaryToolSlugs":["proofpoint-tap-alert-export-forensic-analyzer","microsoft-defender-office365-message-trace-forensic-analyzer","bec-impersonation-thread-forensic-analyzer","email-url-rewrite-chain-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["mimecast-message-tracking-log-forensic-analyzer","barracuda-email-security-log-forensic-analyzer","cisco-email-security-appliance-log-forensic-analyzer","forcepoint-email-security-gateway-log-forensic-analyzer","phishing-kit-landing-page-artifact-forensic-extractor","email-security-gateway-quarantine-release-forensic-analyzer","evidence-manifest-generator"]},{"slug":"zero-trust-sase","label":"zero-trust / SASE access forensics","shortLabel":"zero-trust","priority":"H","description":"Zscaler ZIA/ZPA · Cloudflare Access · Palo Alto Prisma Access · Cisco Umbrella DNS · Netskope CASB · Okta device trust · Microsoft Entra conditional access · Tailscale WireGuard sessions · cross-vendor access anomaly correlation.","primaryToolSlugs":["zscaler-zia-web-log-forensic-analyzer","cloudflare-access-audit-log-forensic-analyzer","microsoft-entra-conditional-access-log-forensic-analyzer","zero-trust-access-anomaly-correlator","case-report-generator"],"secondaryToolSlugs":["zscaler-zpa-app-connector-log-forensic-analyzer","palo-alto-prisma-access-log-forensic-analyzer","cisco-umbrella-dns-security-log-forensic-analyzer","netskope-cloud-access-security-log-forensic-analyzer","okta-device-trust-posture-log-forensic-analyzer","tailscale-wireguard-session-log-forensic-analyzer","evidence-manifest-generator"]},{"slug":"software-supply-chain","label":"software supply chain forensics","shortLabel":"supply chain","priority":"H","description":"GitHub Actions provenance · npm Sigstore attestations · Rekor transparency logs · SLSA v1 metadata · dependency confusion · container SBOM layers · PyPI release integrity · Maven GPG signatures · Cargo yank audits · typosquat clustering.","primaryToolSlugs":["slsa-build-provenance-metadata-forensic-analyzer","github-actions-artifact-provenance-forensic-analyzer","dependency-confusion-package-metadata-forensic-analyzer","software-supply-chain-typosquat-cluster-detector","case-report-generator"],"secondaryToolSlugs":["npm-package-provenance-attestation-forensic-analyzer","sigstore-rekor-transparency-log-forensic-analyzer","container-image-sbom-layer-forensic-analyzer","pypi-release-integrity-forensic-analyzer","maven-central-artifact-signature-forensic-analyzer","cargo-crate-yanked-audit-forensic-analyzer","evidence-manifest-generator"]},{"slug":"physical-access-control","label":"physical access control forensics","shortLabel":"physical access","priority":"H","description":"Lenel OnGuard · CCure · Genetec Synergis · Honeywell Pro-Watch · Salto KS · Kisi cloud · badge cloning/replay detection · tailgating/piggyback correlation · visitor kiosk logs · after-hours/holiday anomaly detection.","primaryToolSlugs":["lenel-badge-reader-event-log-forensic-analyzer","genetec-synergis-access-log-forensic-analyzer","badge-cloning-replay-anomaly-detector","tailgating-piggyback-door-event-correlator","case-report-generator"],"secondaryToolSlugs":["ccure-badge-swipe-forensic-analyzer","honeywell-pro-watch-door-event-forensic-analyzer","salto-ks-mobile-key-audit-forensic-analyzer","kisi-cloud-access-log-forensic-analyzer","visitor-management-kiosk-log-forensic-analyzer","physical-access-holiday-anomaly-detector","evidence-manifest-generator"]},{"slug":"llm-prompt-injection","label":"LLM prompt injection forensics","shortLabel":"prompt injection","priority":"H","description":"injection attempt logs · jailbreak pattern clustering · RAG poisoning · system prompt exfiltration · adversarial turn sequences · tool-call injection · indirect document injection · guardrail bypass anomalies · multi-turn social engineering · red team evaluation logs.","primaryToolSlugs":["llm-prompt-injection-attempt-log-forensic-analyzer","chatbot-jailbreak-pattern-cluster-detector","llm-tool-call-injection-forensic-analyzer","ai-chat-export-adversarial-turn-sequence-analyzer","case-report-generator"],"secondaryToolSlugs":["rag-retrieval-poisoning-artifact-forensic-analyzer","llm-system-prompt-exfiltration-attempt-detector","indirect-prompt-injection-document-artifact-detector","llm-guardrail-bypass-score-anomaly-detector","multi-turn-social-engineering-llm-session-analyzer","llm-red-team-evaluation-log-forensic-analyzer","evidence-manifest-generator"]},{"slug":"cloud-iam-cspm","label":"cloud IAM / CSPM forensics","shortLabel":"cloud IAM","priority":"H","description":"AWS CloudTrail IAM · GCP audit IAM · Azure RBAC · Access Analyzer · Wiz CSPM · Lacework · Orca · Prisma Cloud · Scout Suite · excessive permission correlation across multi-cloud exports.","primaryToolSlugs":["aws-cloudtrail-iam-anomaly-forensic-analyzer","gcp-audit-log-iam-privilege-forensic-analyzer","azure-activity-log-rbac-forensic-analyzer","cloud-iam-excessive-permission-correlator","case-report-generator"],"secondaryToolSlugs":["aws-iam-access-analyzer-finding-forensic-analyzer","wiz-cspm-misconfiguration-forensic-analyzer","lacework-cloud-security-event-forensic-analyzer","orca-cloud-security-alert-forensic-analyzer","prisma-cloud-alert-forensic-analyzer","scout-suite-aws-assessment-forensic-analyzer","evidence-manifest-generator"]},{"slug":"soar-incident-orchestration","label":"SOAR / incident orchestration forensics","shortLabel":"SOAR","priority":"H","description":"Cortex XSOAR war room · Splunk SOAR playbook runs · Swimlane cases · Torq workflows · ServiceNow SecOps · PagerDuty bridges · indicator ledger · playbook deviation · enrichment actions · multi-platform correlation.","primaryToolSlugs":["cortex-xsoar-incident-war-room-forensic-analyzer","splunk-soar-playbook-run-forensic-analyzer","incident-response-playbook-deviation-detector","multi-soar-playbook-correlation-tool","case-report-generator"],"secondaryToolSlugs":["swimlane-case-timeline-forensic-analyzer","torq-automation-run-log-forensic-analyzer","servicenow-security-incident-response-forensic-analyzer","pagerduty-incident-bridge-forensic-analyzer","xsoar-indicator-ledger-forensic-extractor","soar-enrichment-action-forensic-analyzer","evidence-manifest-generator"]},{"slug":"endpoint-dlp","label":"endpoint DLP forensics","shortLabel":"endpoint DLP","priority":"H","description":"Microsoft Purview · Forcepoint · Symantec · Netskope · Digital Guardian · Proofpoint · USB exfil blocks · false-positive clustering · severity escalation · multi-vendor DLP correlation across incident exports.","primaryToolSlugs":["microsoft-purview-dlp-incident-forensic-analyzer","forcepoint-dlp-incident-log-forensic-analyzer","endpoint-dlp-usb-exfil-block-log-analyzer","multi-vendor-dlp-incident-correlator","case-report-generator"],"secondaryToolSlugs":["symantec-dlp-incident-export-forensic-analyzer","netskope-dlp-alert-forensic-analyzer","digital-guardian-dlp-event-forensic-analyzer","proofpoint-dlp-violation-forensic-analyzer","dlp-false-positive-pattern-cluster-detector","dlp-policy-severity-escalation-correlator","evidence-manifest-generator"]},{"slug":"secrets-manager-pam","label":"secrets manager / PAM forensics","shortLabel":"secrets / PAM","priority":"H","description":"AWS Secrets Manager · Azure Key Vault · GCP Secret Manager · Doppler · CyberArk PVWA · BeyondTrust · 1Password Connect · Bitwarden Secrets Manager · rotation failure correlation · cross-vault access overlap.","primaryToolSlugs":["aws-secrets-manager-access-log-forensic-analyzer","azure-key-vault-access-audit-forensic-analyzer","cyberark-privileged-access-session-forensic-analyzer","cross-vault-secret-access-correlator","case-report-generator"],"secondaryToolSlugs":["gcp-secret-manager-access-log-forensic-analyzer","doppler-secrets-sync-audit-forensic-analyzer","beyondtrust-password-safe-session-forensic-analyzer","one-password-connect-audit-log-forensic-analyzer","bitwarden-secrets-manager-audit-forensic-analyzer","secrets-rotation-failure-timeline-correlator","evidence-manifest-generator"]},{"slug":"api-gateway-edge-proxy","label":"API gateway / edge proxy forensics","shortLabel":"API gateway","priority":"H","description":"Kong · AWS API Gateway · Apigee · NGINX Plus · Traefik · Envoy · Cloudflare API Shield · AWS WAF rule matches · API key abuse bursts · multi-gateway traffic correlation across access logs.","primaryToolSlugs":["kong-gateway-access-log-forensic-analyzer","aws-api-gateway-access-log-forensic-analyzer","api-key-abuse-rate-limit-anomaly-detector","multi-gateway-api-traffic-correlator","case-report-generator"],"secondaryToolSlugs":["apigee-api-proxy-traffic-forensic-analyzer","nginx-plus-api-gateway-log-forensic-analyzer","traefik-access-log-forensic-analyzer","envoy-proxy-access-log-forensic-analyzer","cloudflare-api-shield-log-forensic-analyzer","aws-waf-api-gateway-rule-match-forensic-analyzer","evidence-manifest-generator"]},{"slug":"certificate-pki","label":"certificate / PKI forensics","shortLabel":"PKI","priority":"H","description":"CT logs · PKCS12 keystores · code-signing chains · TLS client auth · ACME issuance · Certbot · Windows certutil · macOS keychain trust · OCSP/CRL revocation · AD CS template misuse across cert lifecycle exports.","primaryToolSlugs":["certificate-transparency-log-forensic-analyzer","code-signing-certificate-chain-forensic-analyzer","enterprise-pki-template-misuse-detector","revoked-certificate-ocsp-crl-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["pkcs12-keystore-metadata-forensic-extractor","tls-client-certificate-handshake-log-forensic-analyzer","acme-certificate-issuance-audit-forensic-analyzer","lets-encrypt-certbot-log-forensic-analyzer","windows-certutil-cert-store-export-forensic-analyzer","macos-keychain-certificate-trust-forensic-analyzer","evidence-manifest-generator"]},{"slug":"dns-security","label":"DNS security forensics","shortLabel":"DNS security","priority":"H","description":"passive DNS · DoH/DoT · Infoblox RPZ · Cloudflare DNS firewall · Route 53 Resolver · DGA clustering · DNS tunneling entropy · split-horizon leaks · multi-resolver timeline correlation.","primaryToolSlugs":["passive-dns-resolution-history-forensic-analyzer","domain-generation-algorithm-dns-cluster-detector","dns-tunneling-entropy-anomaly-detector","multi-resolver-dns-timeline-correlator","case-report-generator"],"secondaryToolSlugs":["dns-over-https-query-log-forensic-analyzer","dns-over-tls-session-log-forensic-analyzer","infoblox-dns-security-log-forensic-analyzer","cloudflare-dns-firewall-log-forensic-analyzer","aws-route53-resolver-query-log-forensic-analyzer","split-horizon-dns-policy-violation-detector","evidence-manifest-generator"]},{"slug":"ngfw-firewall-platform","label":"NGFW / firewall platform forensics","shortLabel":"NGFW","priority":"H","description":"Palo Alto · FortiGate · Check Point · Firepower · Juniper SRX · Sophos XG · WatchGuard · pfSense · OPNsense · multi-NGFW traffic correlation across firewall log exports.","primaryToolSlugs":["palo-alto-traffic-log-forensic-analyzer","fortinet-fortigate-traffic-log-forensic-analyzer","checkpoint-firewall-log-forensic-analyzer","multi-ngfw-traffic-correlator","case-report-generator"],"secondaryToolSlugs":["cisco-firepower-connection-log-forensic-analyzer","juniper-srx-flow-log-forensic-analyzer","sophos-firewall-traffic-log-forensic-analyzer","watchguard-firebox-traffic-log-forensic-analyzer","pfsense-filterlog-forensic-analyzer","opnsense-firewall-log-forensic-analyzer","evidence-manifest-generator"]},{"slug":"vulnerability-exposure-management","label":"vulnerability / exposure management forensics","shortLabel":"vuln / exposure","priority":"H","description":"Tenable Nessus · Qualys VMDR · Rapid7 InsightVM · Defender VM · CrowdStrike Spotlight · Wiz exposure · Shodan · Censys · SLA breach detection · cross-scanner CVE overlap correlation.","primaryToolSlugs":["tenable-nessus-scan-export-forensic-analyzer","qualys-vmdr-finding-export-forensic-analyzer","wiz-exposure-finding-forensic-analyzer","cross-scanner-cve-overlap-correlator","case-report-generator"],"secondaryToolSlugs":["rapid7-insightvm-asset-vulnerability-forensic-analyzer","microsoft-defender-vulnerability-management-export-analyzer","crowdstrike-spotlight-vulnerability-export-analyzer","shodan-host-export-forensic-analyzer","censys-host-certificate-export-forensic-analyzer","vulnerability-remediation-sla-breach-detector","evidence-manifest-generator"]},{"slug":"identity-governance-iga","label":"identity governance / IGA forensics","shortLabel":"IGA","priority":"H","description":"SailPoint · Saviynt · Okta lifecycle · Entra governance · Ping · OneLogin · role mining · orphaned accounts · SoD violations · cross-IGA lifecycle correlation.","primaryToolSlugs":["sailpoint-identityiq-certification-export-forensic-analyzer","saviynt-access-governance-audit-forensic-analyzer","segregation-of-duties-violation-forensic-analyzer","cross-iga-account-lifecycle-correlator","case-report-generator"],"secondaryToolSlugs":["okta-lifecycle-provisioning-log-forensic-analyzer","microsoft-entra-governance-access-review-forensic-analyzer","ping-identity-access-management-audit-forensic-analyzer","onelogin-user-provisioning-event-forensic-analyzer","iga-role-mining-anomaly-detector","orphaned-account-detector-from-iga-export","evidence-manifest-generator"]},{"slug":"backup-disaster-recovery","label":"backup / disaster recovery forensics","shortLabel":"backup / DR","priority":"H","description":"Veeam · Rubrik · Commvault · Acronis · Datto BCDR · AWS Backup · Azure RSV · backup deletion anomalies · ransomware target tampering · multi-vendor backup timeline correlation.","primaryToolSlugs":["veeam-backup-job-session-forensic-analyzer","rubrik-backup-snapshot-audit-forensic-analyzer","backup-deletion-anomaly-detector","ransomware-backup-target-tampering-detector","case-report-generator"],"secondaryToolSlugs":["commvault-backup-job-log-forensic-analyzer","acronis-backup-task-export-forensic-analyzer","datto-bcdr-restore-point-forensic-analyzer","aws-backup-recovery-point-forensic-analyzer","azure-recovery-services-vault-backup-forensic-analyzer","multi-vendor-backup-timeline-correlator","evidence-manifest-generator"]},{"slug":"court-ready-kits","label":"court-ready investigation kits","shortLabel":"court kits","priority":"H","description":"composite case-type orchestrators — deepfake voice fraud · NFT rug pull · HIPAA breach · elder abuse · custody device audit · whistleblower retaliation · credential stuffing · defamation · supply-chain incident · tenancy disputes. drop multi-artifact exports, get a structured binder locally.","primaryToolSlugs":["deepfake-voice-cloning-fraud-investigation-kit","medical-records-breach-investigation-kit","whistleblower-retaliation-evidence-kit","supply-chain-compromise-incident-kit","case-report-generator"],"secondaryToolSlugs":["nft-rug-pull-victim-investigation-kit","credential-stuffing-victim-response-kit","online-defamation-harassment-litigation-kit","elder-abuse-financial-exploitation-kit","custody-child-safety-device-audit-kit","tenant-landlord-digital-evidence-kit","evidence-manifest-generator"]},{"slug":"gaming-anticheat","label":"gaming anti-cheat forensics","shortLabel":"anti-cheat","priority":"H","description":"EAC · BattlEye · Vanguard · FACEIT · VAC · Fortnite · Hyperion kernel logs — cheat driver signatures · memory scan triggers · multi-game ban correlation. for esports integrity, platform abuse, and ban-evasion disputes.","primaryToolSlugs":["easy-anti-cheat-kernel-log-forensic-analyzer","battleye-violation-log-forensic-analyzer","multi-game-anticheat-ban-correlation-tool","kernel-mode-cheat-driver-signature-anomaly-detector","case-report-generator"],"secondaryToolSlugs":["valorant-vanguard-service-log-forensic-analyzer","faceit-client-anticheat-artifact-forensic-extractor","vac-steam-ban-history-forensic-analyzer","fortnite-anticheat-log-forensic-analyzer","roblox-hyperion-anticheat-artifact-analyzer","game-memory-scan-trigger-log-forensic-analyzer","evidence-manifest-generator"]},{"slug":"smart-city-bas","label":"smart city / building automation","shortLabel":"smart city","priority":"H","description":"municipal infrastructure beyond consumer IoT — traffic signal controllers · streetlight CMS · parking meter CDR · city CCTV VMS · BMS/HVAC trends · badge access · elevator events · AMI head-end · footfall + air quality sensors.","primaryToolSlugs":["traffic-signal-controller-event-log-forensic-analyzer","access-control-badge-swipe-log-forensic-analyzer","municipal-cctv-vms-export-forensic-analyzer","bms-hvac-trend-log-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["smart-streetlight-controller-log-forensic-analyzer","parking-meter-transaction-forensic-analyzer","elevator-control-system-event-log-forensic-analyzer","smart-grid-ami-head-end-log-forensic-analyzer","pedestrian-counting-sensor-log-forensic-analyzer","environmental-air-quality-sensor-log-forensic-analyzer","evidence-manifest-generator"]},{"slug":"matter-thread-edge","label":"Matter / Thread smart home edge","shortLabel":"Matter/Thread","priority":"H","description":"next-gen smart home beyond Zigbee/Z-Wave — Matter commissioning · OpenThread border routers · Home Key NFC locks · Nest/Dirigera/Aqara hub logs · NB-IoT modem sessions · EnOcean + LonWorks · multi-protocol device correlation.","primaryToolSlugs":["matter-protocol-commissioning-log-forensic-analyzer","thread-border-router-log-forensic-analyzer","multi-protocol-smart-home-device-correlation-tool","apple-home-key-nfc-lock-event-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["google-nest-thread-border-router-log-analyzer","ikea-dirigera-hub-artifact-forensic-extractor","aqara-matter-hub-log-forensic-analyzer","nb-iot-modem-session-log-forensic-analyzer","enocean-wireless-sensor-log-forensic-analyzer","lonworks-building-automation-log-forensic-analyzer","evidence-manifest-generator"]},{"slug":"ics-ot-fieldbus","label":"ICS / OT fieldbus protocol forensics","shortLabel":"fieldbus","priority":"H","description":"industrial protocol expansion beyond Modbus/DNP3/OPC-UA — IEC 61850 GOOSE + sampled values · HART · Foundation Fieldbus · Profibus DP · CC-Link IE · AS-Interface · MELSEC MC · Omron FINS · Schneider Modicon program changes.","primaryToolSlugs":["iec-61850-goose-message-forensic-analyzer","iec-61850-sampled-values-stream-forensic-analyzer","schneider-modicon-program-change-forensic-analyzer","profibus-dp-master-log-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["hart-protocol-command-log-forensic-analyzer","foundation-fieldbus-h1-traffic-forensic-analyzer","cc-link-ie-field-network-log-forensic-analyzer","as-interface-i-o-cycle-log-forensic-analyzer","melsec-mc-protocol-log-forensic-analyzer","omron-fins-protocol-log-forensic-analyzer","evidence-manifest-generator"]},{"slug":"cross-correlation","label":"cross-tool correlation / FatCousin export merge","shortLabel":"correlation","priority":"H","description":"merge CSV/JSON exports from other FatCousin tools — EDR findings overlap · super-timeline · IOC hash intersection · SaaS audit actor linking · browser/mobile/wallet export correlation. meta-layer on top of tool output, not raw evidence.","primaryToolSlugs":["fatcousin-multi-tool-super-timeline-correlator","fatcousin-cross-export-ioc-hash-correlator","fatcousin-edr-findings-export-correlator","case-report-generator"],"secondaryToolSlugs":["fatcousin-saas-audit-export-correlator","fatcousin-cloud-log-findings-export-merge-correlator","fatcousin-browser-artifact-export-correlator","fatcousin-mobile-artifact-export-correlator","fatcousin-messaging-app-export-correlator","evidence-manifest-generator"]},{"slug":"insurance","label":"insurance claims fraud","shortLabel":"insurance","priority":"H","description":"carrier claim exports · staged-loss correlator · SIU report outline · telematics gps. image forensics + mobile parsers in secondary.","primaryToolSlugs":["insurance-claim-fraud-investigation-kit","staged-loss-multi-source-correlator","vehicle-telematics-gps-track-export-correlator","progressive-snapshot-telematics-claim-export-forensic-analyzer","geico-mobile-claim-export-forensic-analyzer","verisk-claimcore-export-forensic-analyzer","insurance-siu-investigation-report-normalizer","workers-comp-claim-export-forensic-analyzer"],"secondaryToolSlugs":["allstate-mobile-claim-app-artifact-forensic-extractor","state-farm-mobile-claim-artifact-forensic-extractor","case-report-generator","ela-detector","prnu-fingerprinter","metadata-inconsistency-finder","metadata-consistency-checker","copy-move-forgery-detector","jpeg-compression-estimator","ai-generated-image-provenance-analyzer","screenshot-origin-detector","exif-fixer","document-metadata-genealogy-tracer","rivian-mobile-app-artifact-forensic-extractor","can-bus-log-forensic-analyzer","evidence-manifest-generator"]},{"slug":"financial-aml","label":"financial / AML / KYC","shortLabel":"financial","priority":"H","description":"transaction-graph clustering, mixer pattern detection, sanctions list crossing, OFAC SDN matching. crypto-heavy but also covers traditional payment rails.","primaryToolSlugs":["bitcoin-tx-decoder","ethereum-tx-decoder","crypto-tx-graph","crypto-transaction-graph","bitcoin-address-clustering","crypto-mixer-pattern-detector","monero-transaction-analyzer","crypto-wallet-classifier"],"secondaryToolSlugs":["blockchain-timestamp-verifier","bill-com-ap-audit-log-forensic-analyzer","ap-vendor-bank-change-anomaly-detector","coupa-procurement-audit-log-forensic-analyzer","cross-ap-procurement-invoice-correlator","openair-psa-audit-log-forensic-analyzer","psa-billing-rate-manipulation-detector","cross-psa-erp-billing-correlator","brex-card-transaction-export-forensic-analyzer","nft-metadata-forensics","smart-contract-bytecode-analyzer","multi-source-entity-resolver","investigation-knowledge-graph","fednow-payment-message-forensic-analyzer","instant-payment-fraud-velocity-correlator","case-report-generator"]},{"slug":"instant-payments","label":"instant payments / RTP forensics","shortLabel":"instant pay","priority":"H","description":"FedNow · RTP · SEPA Instant · same-day ACH · ISO 20022 pain/camt · fraud velocity correlation · CBDC pilot ledgers · PSD2 AISP consent · embedded finance sub-ledger reconciliation.","primaryToolSlugs":["fednow-payment-message-forensic-analyzer","rtp-real-time-payment-trace-forensic-analyzer","instant-payment-fraud-velocity-correlator","iso20022-pain001-payment-initiation-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["sepa-instant-credit-transfer-forensic-analyzer","ach-same-day-entry-forensic-analyzer","iso20022-camt053-statement-forensic-analyzer","open-banking-psd2-aisp-consent-log-forensic-analyzer","embedded-finance-ledger-reconciliation-forensic-analyzer","cbdc-digital-currency-transaction-log-forensic-analyzer","evidence-manifest-generator"]},{"slug":"mobile-extraction-suites","label":"commercial mobile extraction suite exports","shortLabel":"extraction","priority":"H","description":"UFDR/XRY/Oxygen/AXIOM/Belkasoft/MobileEdit/FTK/EnCase/Santoku case exports beyond raw iOS/Android backups — parse vendor artifacts + validate extraction chain-of-custody metadata locally.","primaryToolSlugs":["cellebrite-ufdr-export-forensic-analyzer","oxygen-forensic-suite-export-forensic-analyzer","magnet-axiom-mobile-artifact-forensic-extractor","mobile-extraction-chain-of-custody-metadata-validator","case-report-generator"],"secondaryToolSlugs":["msab-xry-mobile-extraction-forensic-analyzer","belkasoft-evidence-center-export-forensic-analyzer","mobiledit-forensic-express-export-forensic-analyzer","ftk-mobile-mount-image-forensic-analyzer","encase-mobile-phone-acquisition-forensic-analyzer","santoku-mobile-forensic-workbench-export-analyzer","evidence-manifest-generator"]},{"slug":"trucking-eld","label":"trucking / ELD / FMCSA","shortLabel":"trucking","priority":"L","description":"electronic logging device data, hours-of-service compliance, ELD certification anomaly, telematics-spliced log integrity.","primaryToolSlugs":["gis-track-forensics","obd2-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["log-gap-analyzer","log-authenticity-scorer","tms-unauthorized-route-change-detector","cross-tms-wms-shipment-correlator","j1939-heavy-duty-bus-log-forensic-analyzer","uds-diagnostic-session-forensic-analyzer","evidence-manifest-generator"]},{"slug":"automotive-oem","label":"automotive / OEM app & telematics forensics","shortLabel":"automotive","priority":"H","description":"Rivian · OnStar · BMW · Mercedes · Tesla app exports · CAN/J1939 bus logs · UDS diagnostic sessions · multi-OEM GPS track correlation — when vehicle evidence is OEM app cache or bus dump, not generic OBD-II alone.","primaryToolSlugs":["toyota-connected-services-app-forensic-extractor","hyundai-kia-bluelink-app-forensic-extractor","stellantis-uconnect-app-forensic-extractor","key-fob-relay-attack-pattern-detector","tesla-fsd-disengagement-telemetry-forensic-analyzer","can-bus-log-forensic-analyzer","vehicle-telematics-gps-track-export-correlator","gm-onstar-mobile-app-forensic-analyzer"],"secondaryToolSlugs":["ford-pass-connect-app-forensic-extractor","bmw-connected-drive-app-forensic-analyzer","mercedes-me-app-artifact-forensic-extractor","rivian-mobile-app-artifact-forensic-extractor","tesla-mobile-app-sync-metadata-forensic-extractor","case-report-generator","j1939-heavy-duty-bus-log-forensic-analyzer","uds-diagnostic-session-forensic-analyzer","obd2-forensic-analyzer","evidence-manifest-generator"]},{"slug":"supply-chain-ops","label":"supply chain / TMS · WMS · MES · APS · QMS · PLM","shortLabel":"supply ops","priority":"M","description":"transportation · WMS · MES · APS · QMS · PLM · CMMS · S&OP fraud — freight manipulation, shrinkage, recipe tampering, forecast bias, safety-stock abuse, CAPA abuse, BOM changes from ops audit exports you already pulled.","primaryToolSlugs":["oracle-otm-tms-audit-log-forensic-analyzer","manhattan-wms-inventory-export-forensic-analyzer","plex-mes-audit-log-forensic-analyzer","kinaxis-rapidresponse-aps-export-forensic-analyzer","mastercontrol-qms-audit-log-forensic-analyzer","ptc-windchill-plm-audit-log-forensic-analyzer","ibm-maximo-cmms-work-order-export-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["aps-unauthorized-forecast-change-detector","aps-safety-stock-manipulation-detector","cross-sop-aps-demand-correlator","cross-aps-wms-fulfillment-correlator","qms-unauthorized-capa-change-detector","plm-unauthorized-bom-change-detector","mes-unauthorized-recipe-change-detector","inventory-shrinkage-anomaly-detector","cross-qms-mes-quality-correlator","cross-plm-mes-engineering-correlator","anaplan-sop-audit-log-forensic-analyzer","cross-tms-wms-shipment-correlator","evidence-manifest-generator"]},{"slug":"file-artifacts","label":"file & filesystem artifact forensics","shortLabel":"file artifacts","priority":"H","description":"carving · NTFS logfile replay · sparse/hidden files · compound document extraction · registry hive recovery · entropy slicing — when the evidence is the bytes on disk, not a SaaS export.","primaryToolSlugs":["file-carver","file-signature-batch-scanner","ntfs-logfile-parser","compound-document-carver","registry-hive-carver","sparse-file-detector","file-entropy-slicer","case-report-generator"],"secondaryToolSlugs":["semantic-file-carver","file-birth-time-analyzer","deleted-file-timeline","sqlite-record-carver","filesystem-journal-gap-analyzer","sleuth-kit-filesystem-artifact-timeline-extractor","ad1-logical-evidence-file-forensic-analyzer","encase-ex01-evidence-file-forensic-analyzer","evidence-manifest-generator"]},{"slug":"satellite-gnss","label":"satellite / GNSS / LEO terminal forensics","shortLabel":"satellite","priority":"M","description":"Starlink · Iridium · Inmarsat · Globalstar terminal logs · GNSS spoofing/jamming artifacts · LEO handover traces · ground-station access — when comms evidence comes from satcom exports, not cellular PCAP.","primaryToolSlugs":["starlink-terminal-telemetry-forensic-analyzer","gnss-spoofing-jamming-artifact-detector","iridium-sbd-short-burst-data-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["gps-almanac-ephemeris-tamper-detector","leo-satellite-handover-session-log-analyzer","satcom-ip-backhaul-traffic-forensic-analyzer","adsb-spoofing-detection-from-receiver","evidence-manifest-generator"]},{"slug":"telecom-5g","label":"telecom / 5G SA / mobile carrier signaling","shortLabel":"telecom","priority":"H","description":"5G SA core AMF/SMF/UPF logs · RAN vendor events · NAS/NGAP decoders · SS7/Diameter/GTP legacy signaling · IMSI catcher detection · lawful intercept audit — when evidence is carrier exports, not handset backups.","primaryToolSlugs":["5g-amf-access-log-forensic-analyzer","5g-smf-session-log-forensic-analyzer","ericsson-ran-event-log-forensic-analyzer","imsi-catcher-stingray-pattern-detector","case-report-generator"],"secondaryToolSlugs":["5g-ausf-auth-log-forensic-analyzer","5g-xn-handover-log-forensic-analyzer","5g-nas-message-forensic-analyzer","ss7-message-forensic-analyzer","diameter-signaling-log-forensic-analyzer","lawful-intercept-x1-x2-x3-log-forensic-analyzer","evidence-manifest-generator"]},{"slug":"utilities-scada","label":"utilities / SCADA / OT","shortLabel":"SCADA","priority":"M","description":"ICS/OT incident response — historian data, HMI screenshots, PLC program-change audit, field service work-order fraud, vendor-specific binary firmware analysis.","primaryToolSlugs":["firmware-analyzer","iot-firmware-forensic-extractor","pcap-reader","pcap-analyzer","servicemax-fsm-audit-log-forensic-analyzer","protocol-misuse-detector","case-report-generator"],"secondaryToolSlugs":["fsm-unauthorized-work-order-close-detector","fsm-gps-location-spoofing-detector","multi-fsm-platform-timeline-correlator","cross-fsm-cmms-maintenance-correlator","traffic-signal-controller-event-log-forensic-analyzer","smart-grid-ami-head-end-log-forensic-analyzer","bms-hvac-trend-log-forensic-analyzer","iec-61850-goose-message-forensic-analyzer","schneider-modicon-program-change-forensic-analyzer","incident-timeline-builder","multi-artifact-correlator","evidence-manifest-generator"]},{"slug":"retail-pos","label":"retail / POS / loss prevention","shortLabel":"retail","priority":"L","description":"POS terminal forensics, void/cash-drawer abuse, loyalty points fraud, trade promotion spend leakage, scan-data manipulation, inventory shrink correlation.","primaryToolSlugs":["square-pos-transaction-export-forensic-analyzer","toast-pos-export-forensic-analyzer","pos-unauthorized-void-detector","tpm-spend-leakage-detector","cross-tpm-pos-promotion-correlator","loyalty-unauthorized-points-adjustment-detector","case-report-generator"],"secondaryToolSlugs":["vividly-trade-promotion-export-forensic-analyzer","tpm-unauthorized-promo-approval-detector","tpm-scan-data-manipulation-detector","multi-tpm-platform-timeline-correlator","ncr-pos-audit-log-forensic-analyzer","multi-pos-platform-timeline-correlator","cross-loyalty-pos-redemption-correlator","evidence-manifest-generator"]},{"slug":"hr-workforce","label":"HR / workforce SaaS audit","shortLabel":"HR workforce","priority":"H","description":"Workday · ADP · UKG · Carta · Topia · ethics hotline exports. payroll fraud · ghost employees · equity grant tampering · relocation cost inflation · whistleblower retaliation chains — all from SaaS audit CSV/JSON you already exported.","primaryToolSlugs":["workday-hcm-audit-log-forensic-analyzer","adp-payroll-audit-log-forensic-analyzer","payroll-ghost-employee-detector","carta-equity-cap-table-export-forensic-analyzer","topia-global-mobility-export-forensic-analyzer","navex-ethics-hotline-export-forensic-analyzer","servicenow-hrsd-case-export-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["cross-equity-payroll-exercise-correlator","cross-mobility-payroll-relocation-correlator","cross-ethics-hcm-retaliation-correlator","cross-er-hrsd-case-correlator","multi-hcm-platform-timeline-correlator","evidence-manifest-generator","incident-timeline-builder","chain-of-custody-gap-detector"]},{"slug":"government-classified","label":"government / classified spillage","shortLabel":"classified","priority":"M","description":"classified data spillage, cross-domain artifact analysis, insider-threat at clearance scale. local-first matters here — nothing leaves the device.","primaryToolSlugs":["insider-threat-indicator-scorer","data-access-anomaly-detector","credential-lateral-movement-tracer","lnk-deep-analyzer","shellbags-analyzer","jump-list-parser","secure-deletion-detector","case-report-generator"],"secondaryToolSlugs":["redaction-quality-verifier","chain-of-custody-gap-detector","pqc-x509-certificate-chain-migration-detector","hybrid-pqc-tls-handshake-forensic-analyzer","evidence-manifest-generator","user-behavior-baseline-profiler"]},{"slug":"gig-economy","label":"gig economy / platform payout forensics","shortLabel":"gig economy","priority":"H","description":"DoorDash · Uber · Instacart · Lyft payout disputes — Stripe/PayPal subpoena normalizers · Venmo/Cash App mobile artifacts · payroll/timesheet cross-checks. interim surface until platform-native parsers ship.","primaryToolSlugs":["payment-processor-subpoena-response-normalizer-stripe","payment-processor-subpoena-response-normalizer-paypal","venmo-transaction-export-forensic-analyzer","ios-venmo-artifact-forensic-extractor","case-report-generator"],"secondaryToolSlugs":["ios-cash-app-artifact-forensic-extractor","cross-payroll-wfm-timesheet-correlator","payroll-unauthorized-adjustment-detector","fatcousin-multi-tool-super-timeline-correlator","fatcousin-cross-export-ioc-hash-correlator","evidence-manifest-generator"]},{"slug":"creator-economy","label":"creator economy / livestreaming forensics","shortLabel":"creator economy","priority":"M","description":"Twitch · YouTube · Kick audit exports · OBS/Streamlabs stream-key config · live chat/VOD metadata · OAuth grants · deepfake voice/video · tip/donation redirect disputes.","primaryToolSlugs":["obs-streamlabs-config-forensic-analyzer","twitch-chat-log-forensic-analyzer","youtube-gaming-stream-chat-forensic-analyzer","video-deepfake-analyzer","ai-synthetic-voice-generation-artifact-analyzer","deepfake-voice-cloning-fraud-investigation-kit","case-report-generator"],"secondaryToolSlugs":["twitch-stream-vod-metadata-forensic-extractor","kick-streaming-chat-log-forensic-analyzer","face-swap-artifact-detector","google-account-activity-export-forensic-deep-analyzer","casb-oauth-token-abuse-detector","url-unshortener-chain","fatcousin-multi-tool-super-timeline-correlator","fatcousin-cross-export-ioc-hash-correlator","evidence-manifest-generator"]},{"slug":"consumer-fraud-reporting","label":"consumer fraud reporting · victim intake","shortLabel":"consumer fraud","priority":"H","description":"individual victims · legal aid · AARP fraud watch — ic3 · ftc reportfraud · cfpb · state ag (ny+ca) prep-kits bundle evidence into draft official reports. fatcousin does not file for you.","primaryToolSlugs":["ic3-fbi-cybercrime-complaint-prep-kit","ftc-report-fraud-submission-prep-kit","cfpb-financial-complaint-prep-kit","state-ag-consumer-complaint-multi-state-prep-kit","case-report-generator"],"secondaryToolSlugs":["credential-stuffing-victim-response-kit","data-breach-victim-notification-readiness-kit","synthetic-identity-fraud-investigation-kit","elder-abuse-financial-exploitation-kit","nft-rug-pull-victim-investigation-kit","online-defamation-harassment-litigation-kit","evidence-manifest-generator","fatcousin-multi-tool-super-timeline-correlator","fatcousin-cross-export-ioc-hash-correlator"]},{"slug":"education-k12","label":"K–12 IT response · student safety monitors + SIS","shortLabel":"K–12","priority":"H","description":"district IT · counsel · school boards — gaggle · bark · goguardian · securly monitor exports · powerschool · infinite campus sis · google classroom · schoology · local-only · fatcousin does not upload student records.","primaryToolSlugs":["gaggle-student-safety-alert-export-forensic-analyzer","bark-school-edition-alert-export-forensic-analyzer","powerschool-sis-audit-log-forensic-analyzer","google-classroom-audit-log-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["schoology-audit-log-forensic-analyzer","goguardian-classroom-monitor-export-forensic-analyzer","securly-aware-alert-export-forensic-analyzer","lightspeed-classroom-monitor-log-forensic-analyzer","infinite-campus-sis-audit-log-forensic-analyzer","evidence-manifest-generator","writing-sample-authorship-comparator","fatcousin-multi-tool-super-timeline-correlator","fatcousin-cross-export-ioc-hash-correlator"]},{"slug":"elder-care-ltc","label":"elder care · LTC facility forensics","shortLabel":"elder care LTC","priority":"H","description":"APS · family · fiduciaries · ombudsmen — skilled-nursing and assisted-living audit exports · POA misuse · joint-account exploitation · MAR/PMP adjacency. distinct from acute-care EHR — pointclickcare · matrixcare · alis ltc parsers on disk. fatcousin does not upload PHI.","primaryToolSlugs":["elder-abuse-financial-exploitation-kit","controlled-substance-pmp-log-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["pointclickcare-facility-audit-log-forensic-analyzer","matrixcare-resident-chart-export-forensic-analyzer","alis-ltc-resident-activity-log-forensic-analyzer","medical-records-breach-investigation-kit","hipaa-break-glass-access-log-forensic-analyzer","meditech-expanse-audit-log-forensic-analyzer","evidence-manifest-generator","fatcousin-multi-tool-super-timeline-correlator","fatcousin-cross-export-ioc-hash-correlator"]},{"slug":"real-estate-title","label":"real estate title · closing wire fraud + deed forgery","shortLabel":"real estate title","priority":"H","description":"title counsel · insurer SIU · county recorder review — qualia · softpro · resware audit exports · docusign closing-packet revision · MT103 wire messages · corelogic datatree deed records · RON session logs. distinct from generic BEC — alta settlement and title file numbers in evidence.","primaryToolSlugs":["qualia-title-platform-audit-log-forensic-analyzer","docusign-real-estate-closing-packet-cert-chain-analyzer","swift-mt-message-forensic-analyzer","corelogic-deed-record-export-forensic-analyzer","case-report-generator"],"secondaryToolSlugs":["softpro-closing-software-audit-log-forensic-analyzer","resware-title-production-audit-forensic-analyzer","notarize-pavaso-ron-session-log-forensic-analyzer","email-header-analyzer","email-thread-reconstructor","pdf-author-revision-metadata-analyzer","pdf-digital-signature-chain-analyzer","fednow-payment-message-forensic-analyzer","evidence-manifest-generator","fatcousin-multi-tool-super-timeline-correlator","fatcousin-cross-export-ioc-hash-correlator"]},{"slug":"api-agentic-action","label":"agentic AI forensics · API / MCP / copilot","shortLabel":"agentic AI","priority":"H","description":"agent tool-call traces · MCP server call graphs · prompt-vs-action divergence · credential-handling audit · agent persistence + exfil patterns · Claude / GPT / Gemini / Copilot artifact trails. distinct from llm-prompt-injection — runaway is the agent acting outside its prompt scope, not a malicious prompt.","primaryToolSlugs":["ai-agent-tool-call-execution-trace-reconstructor","ai-agent-prompt-vs-action-divergence-detector","ai-agent-autonomous-action-accountability-tracer","mcp-tool-call-graph-reconstructor","anthropic-mcp-claude-tool-call-attribution-tool","microsoft-copilot-365-audit-forensic-extractor"],"secondaryToolSlugs":["ai-agent-credential-handling-audit","ai-agent-persistence-mechanism-detector","ai-agent-network-exfiltration-pattern-detector","ai-agent-multi-step-transaction-graph-builder","ai-agent-file-system-modification-trace-builder","mcp-server-permission-escalation-detector","microsoft-copilot-artifact-forensic-analyzer","github-copilot-usage-artifact-analyzer","github-copilot-workspace-artifact-forensic-extractor","llm-tool-call-injection-forensic-analyzer","casb-oauth-token-abuse-detector","saas-overprivileged-oauth-scope-detector","fatcousin-multi-tool-super-timeline-correlator","fatcousin-cross-export-ioc-hash-correlator","case-report-generator","evidence-manifest-generator"]}]