// case comparison
healthcare vs key leak
both can show audit gaps and cloud log anomalies — but a healthcare breach is PHI exfiltration and EHR scoping, while an API key leak is VCS credential exposure and cloud service provider (CSP) abuse.
primary tools · side by side
ordered entry points from the case-type taxonomy. highlighted rows appear in both case types' editorial tool lists.
healthcare data breach
PHI exposure, EHR audit gap, DICOM exfil, HIPAA notification scoping. very specific evidence demands.
- 01 · dicom medical imaging metadata forensic analyzer: drop dicom files · parse metadata tags · extract patient equipment data · detect anonymization failures · runs locally
- 02 · microsoft access database forensic analyzer: drop mdb or accdb files · parse jet database structure · extract tables · recover deleted records · vba macro scan · runs locally
- 03 · office365 audit log analyzer: drop m365 unified audit log json or csv · flag inbox forward rules · mailbox forwarding · bulk downloads · global admin role adds · high-scope consent · audit log disabled · runs locally
- 04 · microsoft 365 unified audit log analyzer: drop m365 unified audit log csv or json export · parse all audit events across exchange, sharepoint, teams, onedrive and azure ad · surface suspicious operations, privilege changes and data access events · reconstruct user activity timeline · runs locally
- 05 · windows event log gap analyzer: drop multiple evtx · merged timeline · logging gaps · clearing events · ransomware prep chains · service persistence hints · runs locally
- 06 · log ingestion gap and silent host detector: drop siem export or event log collector export · identify machines that stopped sending logs · calculate expected vs actual log volume per host · detect hosts that went dark · flag suspicious silences · runs locally
- 07 · log file authenticity and integrity scorer: drop any log file · verify internal consistency · line endings · timestamps · detect log injection · fabrication indicators · authenticity score · runs locally
- 08 · chain of custody gap detector: paste custody log csv · time gaps over threshold · missing signatures · export findings csv · runs locally
API key leak / repo compromise
leaked credential in git history → cloud abuse window → cost spike + lateral movement. correlate VCS and cloud service provider (CSP) audit logs.
- 01 · git repository forensic analyzer: drop a .git directory or git bundle file · extract full commit history · recover deleted commits via reflog · stash contents · author metadata · file change history · detect secret leaks in history · runs locally
- 02 · github audit log parser: json or jsonl audit export · action, actor, org, repo · repo, org, hook, oauth, protected branch, secret scanning · suspicious flags · export csv · runs locally
- 03 · github audit log analyzer: drop github enterprise audit log json or csv export · parse repository and organization events · surface suspicious access patterns, force pushes, secret scanning alerts and member changes · reconstruct git activity timeline · runs locally
- 04 · aws cloudtrail forensic deep analyzer: drop cloudtrail json logs · detect privilege escalation paths · credential theft · data exfiltration · lateral movement between services · unusual api patterns · flag attacker ips · runs locally
- 05 · aws cloudtrail log forensic analyzer: drop aws cloudtrail json log files or csv export · parse api call records across all aws services · surface credential abuse, privilege escalation, data exfiltration and infrastructure manipulation · reconstruct attacker activity timeline · runs locally
- 06 · aws iam policy analyzer: paste iam policy json · effective permissions · wildcard expansion · risks · escalation hints · plain english · runs locally
- 07 · iam escalation graph: iam policy json · wildcard expansion · 15 escalation patterns · attack chains · severity · csv + json export · runs locally
- 08 · kubernetes secrets decoder: paste secret yaml or json · decode base64 · credential hints · redact toggle · runs locally · keys stay in browser
editorial overlap
3 tools mapped to both case types in the editorial taxonomy — useful when the investigation spans both surfaces.
lean toward…
disambiguation signals derived from case-type descriptions and common practitioner confusion points.
lean toward healthcare if you see…
- DICOM metadata, MRN/PHI tags, or PACS export audit trail — not git credential patterns
- EHR or patient-registry database artifacts (.mdb, flat-file registries)
- HIPAA notification scoping with imaging or chart-access volume — no IAM escalation chain
lean toward key leak if you see…
- AKIA/ghp token patterns in git history, reflog, or secret scanning alerts
- GitHub audit log clone/push events correlated with CloudTrail API abuse
- IAM escalation, k8s secrets decode, or cost spike from leaked cloud credential — no DICOM/PHI artifacts