fatcousin
// case comparison

stalkerware vs cyberstalking

both involve unwanted surveillance — stalkerware is a covert app on-device; cyberstalking is broader harassment across accounts and platforms.

primary tools · side by side

ordered entry points from the case-type taxonomy. highlighted rows appear in both case types' editorial tool lists.

case a

stalkerware sweep (mobile)

covertly installed monitoring apps on a personal phone. iOS + android are very different surfaces: hidden config profiles + pairing records on iOS, sideloaded APKs + accessibility-abuse on android.

  1. 01apk analyzerdrop an android apk · permissions · activities · services · manifest · certificates · embedded urls · strings · no disassembly · runs locally
  2. 02android apk permissions auditordrop an .apk · parse AndroidManifest.xml · list all declared permissions · flag dangerous permissions · detect unusual API combinations · runs locally
  3. 03android anonymous messaging app artifact detectordrop Android packages.xml, usage stats, logcat, or filesystem listings · detect anonymous and untraceable messaging applications · surface usage evidence and residual artifacts · identify apps requiring no phone number or identity verification · assess anonymous communication footprint · runs locally
  4. 04android encrypted vault app artifact detectordrop Android packages.xml, filesystem listing, or usage stats · detect installed or deleted encrypted vault and secret hiding apps · surface vault app usage evidence · identify content types stored in vaults (from metadata) · detect vault apps designed to disguise themselves as other apps · runs locally
  5. 05android app cloner artifact forensic detectordrop Android packages.xml, filesystem listing, or logcat · detect app cloner framework installations · identify cloned app instances · surface dual-space and multi-account artifacts · detect usage of cloned messaging apps that may contain additional communication accounts · runs locally
  6. 06ios pairing record forensic analyzerdrop itunes lockdown pairing plist · parse device and host certificates · escrow bag detection · pairing age and trust implications · csv json export · runs locally
  7. 07ios jailbreak artifact detectordrop manifest db or path list · detect jailbreak indicators cydia sileo substrate · tool identification · removal hints · runs locally
  8. 08ios lockdown certificate artifact extractordrop pairing plist der or pem · decode x509 lockdown certs · chain validation · udid and host uuid · pem csv json export · runs locally
case b

cyberstalking

broader than stalkerware-app: social-graph harassment, doxing, multi-account impersonation, location-leak surfaces.

  1. 01ai chatbot multi-account correlation analyzercorrelate AI chatbot accounts, sessions, and devices across platforms · detect multi-account usage, shared devices, account switching · runs locally
  2. 02multi-source entity resolverdrop forensic csvs · resolve names emails usernames ips across sources · probabilistic entity profiles · runs locally
  3. 03investigation knowledge graph builderdrop forensic csv exports · extract entities and relationships · knowledge graph visualization · hub and path analysis · runs locally
  4. 04osint normalizerpaste osint dump · extract emails phones ips crypto handles · disposable tor private heuristics · e.164 · five tabs · per-category csv · runs locally
  5. 05natural language writing sample authorship comparatordrop multiple text files or paste writing samples · compute 40 plus stylometric features · sentence length distribution · vocabulary richness · function word frequencies · punctuation patterns · produce similarity score with confidence intervals between samples · runs locally
  6. 06ios significant locations forensic extractordrop routined Cache.sqlite · parse significant places visits · home work inference · visit timeline · runs locally
  7. 07android google timeline artifact forensic extractordrop Google Timeline JSON, Takeout location history files, semantic location history exports, or Maps activity artifacts · parse places, visits, activity segments, coordinates, confidence values, and edit metadata · reconstruct Google-derived movement history · runs locally
  8. 08domain reputation analyzerpaste domains or IPs · score by entropy · TLD risk · homoglyph detection · DGA patterns · punycode abuse · age heuristics · no external lookup · runs locally

editorial overlap

2 tools mapped to both case types in the editorial taxonomy — useful when the investigation spans both surfaces.
fatcousin cross export ioc hash correlatorfatcousin multi tool super timeline correlator

lean toward…

disambiguation signals derived from case-type descriptions and common practitioner confusion points.

lean toward stalkerware if you see…

  • unknown APK or IPA with accessibility, location, or screen-capture permissions
  • iOS config profile, pairing record, or sideload artifact from an unknown machine
  • covert monitoring app signatures — not just public social-media harassment

lean toward cyberstalking if you see…

  • multi-account impersonation or doxing across social platforms
  • harassment and authorship patterns without a covert monitoring app on the device
  • location leaks via public posts or OSINT — not hidden GPS exfil from an app
ready