fatcousin
// case comparison

source protection vs whistleblower

both follow a sensitive disclosure — but source protection is journalist-device and E2EE compromise; whistleblower retaliation is ethics-hotline report correlated with adverse HR action.

primary tools · side by side

ordered entry points from the case-type taxonomy. highlighted rows appear in both case types' editorial tool lists.

case a

journalist source protection

press-source handling: verify journalist + source comms weren't compromised before/after a sensitive story. evidence is E2EE app artifacts · SIM swap · OAuth grants · Google takeout — not corporate ethics hotline exports (see whistleblower-retaliation).

  1. 01ios signal artifact forensic extractordrop signal.sqlite · parse conversations and messages · disappearing timers · view-once flags · draft messages · registered phone · rowid gaps · runs locally
  2. 02android signal database forensic extractordrop Android Signal database files (signal.db or backup files) · parse conversations, messages, and attachment metadata · extract disappearing message settings, contact identifiers, and draft messages · surface registered phone number from database · detect deleted message gaps · runs locally
  3. 03signal desktop artifact forensic extractordrop signal desktop %APPDATA%Signal · parse encrypted leveldb config + sql.sqlite (key-derived) · surface conversation + attachment metadata · runs locally
  4. 04sim swap artifact forensic detectordetect evidence of SIM swapping across devices, carriers, or subscriber records · runs locally
  5. 05google account activity export forensic deep analyzerdrop google takeout 'my activity' html/json · parse per-product activity timeline · flag credential recovery access events · csv/json export · runs locally
  6. 06casb oauth token abuse detectordrop casb oauth grant export · detect excessive scope grants · runs locally
  7. 07google takeout archive forensic parserdrop google takeout zip or individual takeout json csv html files · parse account activity across all google services · reconstruct location history search history youtube watch history gmail metadata and drive activity · surface forensic timeline across all google products · runs locally
case b

whistleblower / retaliation investigation

ethics hotline report followed by adverse employment action. evidence spans Navex/EthicsPoint/Allvoices exports + HCM termination/promotion logs + HRSD case files.

  1. 01navex ethics hotline export forensic analyzerdrop navex export · parse report + category + user · runs locally
  2. 02ethics retaliation pattern detectordrop ethics export · detect retaliation patterns · runs locally
  3. 03ethics unauthorized case dismissal detectordrop ethics export · detect unauthorized case dismissals · runs locally
  4. 04cross ethics hcm retaliation correlatordrop ethics + hcm exports · correlate report to employment action · runs locally
  5. 05hr acuity investigation export forensic analyzerdrop hr acuity export · parse case + allegation + user · runs locally
  6. 06cross er hrsd case correlatordrop er + hrsd exports · correlate investigation to service case · runs locally
  7. 07servicenow hrsd case export forensic analyzerdrop servicenow hrsd export · parse case + task + user · runs locally
  8. 08case report generatorfill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally

editorial overlap

3 tools mapped to both case types in the editorial taxonomy — useful when the investigation spans both surfaces.
case report generatorfatcousin cross export ioc hash correlatorfatcousin multi tool super timeline correlator

lean toward…

disambiguation signals derived from case-type descriptions and common practitioner confusion points.

lean toward source protection if you see…

  • Signal, Wire, or Threema artifact anomalies plus SIM swap or OAuth grant on journalist Google account
  • Google takeout activity spike or rogue third-party app consent — not Navex/EthicsPoint export
  • source-handling timeline: device or mailbox compromise before or after sensitive story — not HRSD case cluster

lean toward whistleblower if you see…

  • Navex, EthicsPoint, or Allvoices hotline export with report timestamp and case disposition
  • adverse employment action (PIP, demotion, termination) in HCM or HRSD logs after ethics report
  • cross-ethics-hcm retaliation pattern — corporate employee-report frame, not press E2EE artifacts
ready