// case comparison
device tamper vs healthcare
both involve healthcare logs — but device tamper is bedside integrity (wrong dose, alarm suppression); healthcare breach is PHI exfil and EHR tenant scoping.
primary tools · side by side
ordered entry points from the case-type taxonomy. highlighted rows appear in both case types' editorial tool lists.
medical device tamper / clinical IoT
device integrity — wrong dose, alarm suppression, unauthorized config. not PHI exfil; evidence is pump, ventilator, monitor, and UDI session logs.
- 01 insulin pump log forensic analyzer: drop insulin pump csv export (medtronic / tandem) · parse boluses + basal changes + alarms · runs locally
- 02 philips intellivue monitor alarm log forensic analyzer: drop intellivue alarm export · parse arrhythmia + threshold + silence events · runs locally
- 03 medical device udi tracking log forensic analyzer: drop udi scan + inventory export · parse implant lot + location chain · runs locally
- 04 hipaa break glass access log forensic analyzer: drop break-glass/emergency access export · parse reason code + patient + approver · runs locally
- 05 log file authenticity and integrity scorer: drop any log file · verify internal consistency · line endings · timestamps · detect log injection · fabrication indicators · authenticity score · runs locally
- 06 case report generator: fill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally
healthcare data breach
PHI exposure, EHR audit gap, DICOM exfil, HIPAA notification scoping. very specific evidence demands.
- 01 dicom medical imaging metadata forensic analyzer: drop dicom files · parse metadata tags · extract patient equipment data · detect anonymization failures · runs locally
- 02 microsoft access database forensic analyzer: drop mdb or accdb files · parse jet database structure · extract tables · recover deleted records · vba macro scan · runs locally
- 03 office365 audit log analyzer: drop m365 unified audit log json or csv · flag inbox forward rules · mailbox forwarding · bulk downloads · global admin role adds · high-scope consent · audit log disabled · runs locally
- 04 microsoft 365 unified audit log analyzer: drop m365 unified audit log csv or json export · parse all audit events across exchange sharepoint teams onedrive and azure ad · surface suspicious operations privilege changes and data access events · reconstruct user activity timeline · runs locally
- 05 windows event log gap analyzer: drop multiple evtx · merged timeline · logging gaps · clearing events · ransomware prep chains · service persistence hints · runs locally
- 06 log ingestion gap and silent host detector: drop siem export or event log collector export · identify machines that stopped sending logs · calculate expected vs actual log volume per host · detect hosts that went dark · flag suspicious silences · runs locally
- 07 log file authenticity and integrity scorer: drop any log file · verify internal consistency · line endings · timestamps · detect log injection · fabrication indicators · authenticity score · runs locally
- 08 chain of custody gap detector: paste custody log csv · time gaps over threshold · missing signatures · export findings csv · runs locally
editorial overlap
8 tools mapped to both case types in the editorial taxonomy — useful when the investigation spans both surfaces.
- case report generator
- dicom medical imaging metadata forensic analyzer
- ehr patient portal access log forensic analyzer
- fatcousin cross export ioc hash correlator
- fatcousin multi tool super timeline correlator
- hipaa break glass access log forensic analyzer
- log file authenticity and integrity scorer
- windows event log gap analyzer
lean toward…
disambiguation signals derived from case-type descriptions and common practitioner confusion points.
lean toward device tamper if you see…
- infusion pump, ventilator, or IntelliVue alarm log showing rate change, suppression, or guardrail bypass
- UDI or bedside device config change without matching EHR order — device integrity, not chart bulk export
- clinical IoT session tamper or log-authenticity anomaly — no DICOM/PACS exfil volume spike
lean toward healthcare if you see…
- DICOM metadata, MRN/PHI tags, or PACS export audit trail — tenant-scoped PHI exfil
- EHR or patient-registry mass access with audit-log gap — not pump or monitor session tamper
- HIPAA notification scoping with imaging or chart-access volume — no wrong-dose or alarm-suppression artifact