// case type

medical device tamper / clinical IoT

device integrity — wrong dose, alarm suppression, unauthorized config. not PHI exfil; evidence is pump, ventilator, monitor, and UDI session logs.

tools: 14 · priority: H · processing: local · in browser
// start here

entry point: insulin pump log forensic analyzer. work the primary tools top-down — all local, no upload.

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this case type.

  1. insulin pump log forensic analyzer: drop insulin pump csv export (medtronic / tandem) · parse boluses + basal changes + alarms · runs locally
  2. philips intellivue monitor alarm log forensic analyzer: drop intellivue alarm export · parse arrhythmia + threshold + silence events · runs locally
  3. medical device udi tracking log forensic analyzer: drop udi scan + inventory export · parse implant lot + location chain · runs locally
  4. hipaa break glass access log forensic analyzer: drop break-glass/emergency access export · parse reason code + patient + approver · runs locally
  5. log file authenticity and integrity scorer: drop any log file · verify internal consistency · line endings · timestamps · detect log injection · fabrication indicators · authenticity score · runs locally
  6. case report generator: fill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally

also useful · secondary tools

supporting and follow-up tools. surface as the investigation widens.

  1. ventilator therapy session log forensic analyzer: drop ventilator trend/log export · parse mode changes + alarm + settings timeline · runs locally
  2. dialysis machine session log forensic analyzer: drop hemodialysis session export · parse treatment params + alarm + blood leak flags · runs locally
  3. ehr patient portal access log forensic analyzer: drop mychart/portal access export · parse proxy + message view + download events · runs locally
  4. dicom medical imaging metadata forensic analyzer: drop dicom files · parse metadata tags · extract patient equipment data · detect anonymization failures · runs locally
  5. windows event log gap analyzer: drop multiple evtx · merged timeline · logging gaps · clearing events · ransomware prep chains · service persistence hints · runs locally
  6. fatcousin multi tool super timeline correlator: drop any fatcousin findings csv/json · unified timestamp-sorted timeline · runs locally
  7. fatcousin cross export ioc hash correlator: drop hash/ioc csv from any fatcousin tool · shared indicator intersection report · runs locally
  8. evidence manifest generator: drop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally
// reference

proof & methodology

synthetic reference investigations and investigation playbooks for this case type — fixture-locked goldens, local binders, evidence order, and tool paths.

investigation guide: medical device tamper / clinical IoT — methodology

run as a case-kit pipeline

no curated stack for this case type yet. tracked in the forensics rollout — pipelines roll out one case type at a time.
