// coverage map

forensics coverage

46 investigation hubs across 6 lanes — grouped from the homepage teaser wall. every count is computed from the live forensics catalog, not hand-maintained. start at forensics home, read methodology guides, replay reference proofs, or check the ship log.

  • 3963 forensic tools
  • 46 hubs
  • 6 lanes
  • 35 methodology guides
  • 36 reference proofs

coverage by lane

collapsed by default — expand a lane to browse artifact-family hubs, vertical entry points, and flagship case-type playbooks. tool counts reflect catalog mappings for that hub (some tools appear in multiple lanes).

  • active investigation · 5 hubs · 90 tools

    flagship case types and live incident lanes — ransomware, BEC, cloud compromise, stalkerware, leak-site artifacts.

    • // ransomware · live

      ransomware / leak site forensics

      negotiation chat logs · victim portals · double-extortion posts · onion metadata · ransom note clustering · staging timelines · affiliate rebrand detection.

      10 tools in catalog mapping

    • // flagship · live

      ransomware response

      full reference investigation — methodology guide, proof page, published goldens, and local case-binder export.

      20 tools in catalog mapping

    • // flagship · live

      business email compromise

      impersonation threads · wire-fraud pivots · mailbox rule abuse · vendor payment redirect chains from email and SaaS exports.

      20 tools in catalog mapping

    • // flagship · live

      cloud account compromise

      identity takeover · OAuth consent abuse · impossible-travel pivots · multi-cloud audit correlation from exports you already pulled.

      20 tools in catalog mapping

    • // flagship · live

      stalkerware sweep

      mobile triage · persistence artifacts · surveillance app indicators · safety-first playbook for victims and counsel.

      20 tools in catalog mapping

  • enterprise audits · 4 hubs · 240 tools

    SaaS audit CSV/JSON you already exported — HR, finance, retail loss prevention, and supply-chain ops.

    • // enterprise HR · live

      HR / workforce SaaS forensics

      payroll fraud · ghost employees · equity grant tampering · relocation cost inflation · whistleblower retaliation — Workday · ADP · Carta · Topia · Navex.

      90 tools in catalog mapping

    • // finance SaaS · live

      AP / procurement / spend / PSA forensics

      vendor bank detail changes · duplicate invoice payments · unauthorized PO changes · split-threshold evasion · PSA time entry fraud.

      40 tools in catalog mapping

    • // retail · live

      retail POS, loyalty & trade promotion forensics

      unauthorized voids · cash drawer shortages · loyalty points tampering · trade spend leakage · scan-data manipulation.

      30 tools in catalog mapping

    • // supply ops · live

      TMS · WMS · MES · APS · QMS · PLM · CMMS · S&OP supply ops forensics

      freight manipulation · inventory shrinkage · recipe tampering · forecast bias · CAPA abuse · BOM changes · CMMS work-order fraud.

      80 tools in catalog mapping

  • infrastructure forensics · 12 hubs · 120 tools

    cloud IAM, zero-trust, NGFW, DNS, PKI, secrets/PAM, SOAR, DLP, IGA, backup/DR, and exposure management.

    • // NGFW · live

      NGFW / firewall platform forensics

      Palo Alto · FortiGate · Check Point · Firepower · Juniper SRX · Sophos XG · multi-NGFW traffic correlation.

      10 tools in catalog mapping

    • // DNS · live

      DNS security forensics

      passive DNS · DoH/DoT · Infoblox RPZ · Cloudflare DNS firewall · DGA clustering · DNS tunneling entropy.

      10 tools in catalog mapping

    • // PKI · live

      certificate / PKI forensics

      CT logs · PKCS12 keystores · code-signing chains · TLS client auth · ACME issuance · OCSP/CRL revocation.

      10 tools in catalog mapping

    • // cloud IAM · live

      cloud IAM / CSPM forensics

      AWS CloudTrail IAM · GCP audit IAM · Azure RBAC · Access Analyzer · Wiz · Lacework · Orca · Prisma Cloud.

      10 tools in catalog mapping

    • // IGA · live

      identity governance / IGA forensics

      SailPoint · Saviynt · Okta lifecycle · Entra governance · role mining · orphaned accounts · SoD violations.

      10 tools in catalog mapping

    • // backup / DR · live

      backup / disaster recovery forensics

      Veeam · Rubrik · Commvault · Acronis · Datto BCDR · AWS Backup · Azure RSV · backup deletion anomalies.

      10 tools in catalog mapping

    • // secrets · live

      secrets manager / PAM forensics

      AWS Secrets Manager · Azure Key Vault · GCP Secret Manager · CyberArk · BeyondTrust · rotation failure correlation.

      10 tools in catalog mapping

    • // SOAR · live

      SOAR / incident orchestration forensics

      Cortex XSOAR · Splunk SOAR · Swimlane · Torq · ServiceNow SecOps · playbook deviation · enrichment actions.

      10 tools in catalog mapping

    • // zero-trust · live

      zero-trust / SASE access forensics

      Zscaler ZIA/ZPA · Cloudflare Access · Prisma Access · Cisco Umbrella · Netskope CASB · Entra conditional access.

      10 tools in catalog mapping

    • // endpoint DLP · live

      endpoint DLP forensics

      Microsoft Purview · Forcepoint · Symantec · Netskope · Digital Guardian · USB exfil blocks · false-positive clustering.

      10 tools in catalog mapping

    • // API gateway · live

      API gateway / edge proxy forensics

      Kong · AWS API Gateway · Apigee · NGINX Plus · Traefik · Envoy · Cloudflare API Shield · API key abuse bursts.

      10 tools in catalog mapping

    • // vuln / exposure · live

      vulnerability / exposure management forensics

      Tenable Nessus · Qualys VMDR · Rapid7 InsightVM · Defender VM · CrowdStrike Spotlight · Wiz exposure · Shodan.

      10 tools in catalog mapping

  • specialty domains · 15 hubs · 430 tools

    deep-moat verticals — legal production, court-ready kits, satcom, telecom, automotive, gaming, smart city, ICS/OT, clinical, PQC, payments, and file artifacts.

    • // bytes on disk · live

      file & filesystem artifact forensics

      carving · NTFS logfile replay · sparse/hidden files · compound document extraction · registry hive recovery · entropy slicing.

      17 tools in catalog mapping

    • // production · live

      eDiscovery / legal production forensics

      load-file QC · Bates stamping · privilege logs · redaction burn verification · Relativity/Concordance validators.

      63 tools in catalog mapping

    • // court-ready · live

      court-ready investigation kits

      composite orchestrators — deepfake voice fraud · HIPAA breach · whistleblower retaliation · NFT rug pull · credential stuffing.

      53 tools in catalog mapping

    • // satcom · live

      satellite / GNSS / LEO terminal forensics

      Starlink obstruction bursts · Iridium SBD messages · GNSS spoofing artifacts · LEO handover traces · ground-station access logs.

      10 tools in catalog mapping

    • // carrier · live

      5G SA core & mobile carrier signaling forensics

      AMF/SMF/UPF core logs · NAS/NGAP decoders · SS7/Diameter/GTP signaling · IMSI catcher detection · lawful intercept audit.

      20 tools in catalog mapping

    • // automotive · live

      OEM app & vehicle telematics forensics

      Rivian · OnStar · BMW · Mercedes · Tesla app exports · CAN/J1939 bus logs · UDS diagnostic sessions · multi-OEM GPS correlation.

      20 tools in catalog mapping

    • // anti-cheat · live

      gaming anti-cheat forensics

      EAC · BattlEye · Vanguard · FACEIT · VAC · Fortnite · Hyperion kernel logs — cheat driver signatures · multi-game ban correlation.

      53 tools in catalog mapping

    • // smart city · live

      smart city / building automation forensics

      traffic signals · streetlights · parking meters · city CCTV VMS · BMS/HVAC · badge access · elevators · AMI head-end.

      10 tools in catalog mapping

    • // Matter/Thread · live

      Matter / Thread smart home edge

      Matter commissioning · OpenThread border routers · Home Key NFC locks · Nest/Dirigera/Aqara hub logs · multi-protocol correlation.

      32 tools in catalog mapping

    • // fieldbus · live

      ICS / OT fieldbus protocol forensics

      IEC 61850 GOOSE · HART · Foundation Fieldbus · Profibus DP · CC-Link IE · AS-Interface · MELSEC MC · Omron FINS.

      33 tools in catalog mapping

    • // clinical · live

      healthcare clinical device expansion

      Meditech Expanse · IntelliVue alarms · ventilator/dialysis sessions · LIS orders · patient portal · UDI tracking · break-glass.

      26 tools in catalog mapping

    • // PQC · live

      post-quantum cryptography forensics

      NIST ML-KEM/ML-DSA/SLH-DSA artifacts · hybrid migration traces · TLS/SSH/IPsec PQC negotiation · X509 chain migration.

      36 tools in catalog mapping

    • // instant pay · live

      instant payments / RTP forensics

      FedNow · RTP · SEPA Instant · same-day ACH · ISO 20022 pain/camt · fraud velocity correlation · CBDC pilot ledgers.

      37 tools in catalog mapping

    • // field ops · live

      field service management forensics

      unauthorized work-order closes · GPS spoofing on check-ins · parts overbilling · CMMS cross-correlation from FSM exports.

      10 tools in catalog mapping

    • // physical access · live

      physical access control forensics

      Lenel OnGuard · CCure · Genetec Synergis · Honeywell Pro-Watch · badge cloning/replay · tailgating correlation.

      10 tools in catalog mapping

  • mobile + extraction · 4 hubs · 299 tools

    commercial extraction suite exports, forensic platform case files, DRM license chains, and biometric auth artifacts.

    • // extraction · live

      commercial mobile extraction suite exports

      Cellebrite UFDR · Oxygen · MSAB XRY · Magnet AXIOM · Belkasoft · MobileEdit · FTK · EnCase · Santoku — chain-of-custody metadata validation.

      182 tools in catalog mapping

    • // platform · live

      forensic platform case exports

      Nuix · EnCase · Autopsy · Volatility · Paladin · AXIOM Cyber · Sleuth Kit · AD1 · BlackLight/Macquisition — merge custodian/hash overlap.

      63 tools in catalog mapping

    • // DRM · live

      DRM / content protection forensics

      Widevine · FairPlay · PlayReady · HDCP · browser EME sessions · Apple FPS · Android MediaDrm · Chromecast DRM license chains.

      10 tools in catalog mapping

    • // biometric · live

      biometric authentication forensics

      Face ID · Touch ID · Windows Hello · macOS Secure Enclave · Samsung Pass · voice/iris enrollment · spoof/liveness bypass detection.

      44 tools in catalog mapping

  • emerging / adversarial · 6 hubs · 108 tools

    LLM prompt injection, browser extensions, email security gateways, adversarial AI, cross-export correlation, and supply-chain integrity.

    • // prompt injection · live

      LLM prompt injection forensics

      injection attempt logs · jailbreak clustering · RAG poisoning · system prompt exfiltration · tool-call injection · guardrail bypass.

      10 tools in catalog mapping

    • // extensions · live

      browser extension forensics

      Chrome manifest permissions · Firefox XPI · Safari web extensions · MV3 service worker logs · password-manager vaults · crypto wallet storage.

      10 tools in catalog mapping

    • // email gateway · live

      email security gateway forensics

      Proofpoint TAP · Mimecast · Barracuda ESS · Defender for Office 365 message trace · secure link rewrite chains · quarantine release audits.

      10 tools in catalog mapping

    • // frontier

      adversarial AI forensics

      chatgpt / claude / gemini conversation forensics · prompt-injection artifact detectors · MCP audit-trail parsers · local-vector-database forensics.

      30 tools in catalog mapping

    • // meta-layer · live

      FatCousin cross-export correlation

      merge CSV/JSON from tools you already ran — super-timeline · IOC hash overlap · EDR findings join · SaaS audit actor link.

      38 tools in catalog mapping

    • // supply chain · live

      software supply chain forensics

      GitHub Actions provenance · npm Sigstore attestations · Rekor transparency logs · SLSA v1 metadata · dependency confusion · container SBOM layers.

      10 tools in catalog mapping

counts refresh on ISR revalidation · catalog source of truth is /forensics/tools · nothing uploads · nothing phones home