fatcousin
// case type

cyberstalking

broader than stalkerware-app: social-graph harassment, doxing, multi-account impersonation, location-leak surfaces.

tools
11
priority
M
processing
local · in browser

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this case type.

  1. ai chatbot multi-account correlation analyzercorrelate AI chatbot accounts, sessions, and devices across platforms · detect multi-account usage, shared devices, account switching · runs locally
  2. multi-source entity resolverdrop forensic csvs · resolve names emails usernames ips across sources · probabilistic entity profiles · runs locally
  3. investigation knowledge graph builderdrop forensic csv exports · extract entities and relationships · knowledge graph visualization · hub and path analysis · runs locally
  4. osint normalizerpaste osint dump · extract emails phones ips crypto handles · disposable tor private heuristics · e.164 · five tabs · per-category csv · runs locally
  5. natural language writing sample authorship comparatordrop multiple text files or paste writing samples · compute 40 plus stylometric features · sentence length distribution · vocabulary richness · function word frequencies · punctuation patterns · produce similarity score with confidence intervals between samples · runs locally
  6. ios significant locations forensic extractordrop routined Cache.sqlite · parse significant places visits · home work inference · visit timeline · runs locally
  7. android google timeline artifact forensic extractordrop Google Timeline JSON, Takeout location history files, semantic location history exports, or Maps activity artifacts · parse places, visits, activity segments, coordinates, confidence values, and edit metadata · reconstruct Google-derived movement history · runs locally
  8. domain reputation analyzerpaste domains or IPs · score by entropy · TLD risk · homoglyph detection · DGA patterns · punycode abuse · age heuristics · no external lookup · runs locally

also useful · secondary tools

supporting and follow-up tools. surface as the investigation widens.

  1. url redirect chain tracerpaste shortened URLs · trace full redirect chain via proxy · detect malicious redirects · show final destination · flag suspicious hops · runs locally
  2. email impersonation pattern detectordrop multiple eml files or paste headers · detect display name spoofing domain lookalikes and reply-to hijacking · identify impersonation patterns targeting specific individuals or organizations · surface BEC and CEO fraud indicators · runs locally
  3. case report generatorfill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally
// case-kit pipeline

run as a stack

skip the click-through. these presets are curated forensic pipelines you can save as a stack with one click and run on your evidence locally.

  • cyberstalking — OSINT correlator

    8 steps

    drop OSINT exports + message artifacts → normalize → entity resolve → knowledge graph → authorship → IOC correlate → report

    1. 01evidence-manifest-generatorhash every OSINT + message export before correlation
    2. 02osint-normalizernormalize disparate OSINT formats into a common schema
    3. 03multi-source-entity-resolverresolve the same person across multiple platforms / accounts
    4. 04investigation-knowledge-graphbuild a knowledge graph linking entities + relationships
    5. 05writing-sample-authorship-comparatorcompare writing style across anonymous accounts
    6. 06ioc-extractorpull contact identifiers + URLs from all text inputs
    7. 07multi-artifact-correlatorsurface identifiers shared across multiple artifact bundles
    8. 08case-report-generatordraft a report linking multi-account identities to the stalking pattern
// pattern-matched

related tools

tools that the manifest-classifier flagged as plausibly useful here but that aren't in the hand-curated lists above. less editorial weight — scan, don't work top-down.

ready