// artifact family

cloud & config forensics

16 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.

tools: 16
catalog slugs: 16
processing: local · in browser

tools in this family

ordered as in the forensics catalog. every tool runs locally — no upload, no account.

  1. aws iam policy analyzer: paste iam policy json · effective permissions · wildcard expansion · risks · escalation hints · plain english · runs locally
  2. terraform state analyzer: drop terraform tfstate · resource inventory · sensitive values · misconfigs · dependency edges · redact view · runs locally
  3. kubernetes secrets decoder: paste secret yaml or json · decode base64 · credential hints · redact toggle · runs locally · keys stay in browser
  4. vpn config analyzer: paste ovpn wireguard or ipsec config · cipher audit · tls checks · split tunnel hints · score · runs locally
  5. ssh known hosts analyzer: drop known_hosts · fingerprints · duplicate hosts · key strength notes · hashed entries · visualize distribution · runs locally
  6. gcp audit log analyzer: drop google cloud audit log json · api calls · iam changes · storage access · vm events · security findings · runs locally
  7. azure activity log analyzer: drop azure activity log json · operations timeline · rbac changes · vm events · security · network changes · runs locally
  8. aws s3 access log analyzer: drop s3 server access logs · request timeline · top requesters · error analysis · exfiltration detection · unauthorized access · runs locally
  9. iam escalation graph: iam policy json · wildcard expansion · 15 escalation patterns · attack chains · severity · csv + json export · runs locally
  10. terraform plan diff: plan json or tfstate · before/after diff · attribute changes · security flags · sg 0.0.0.0/0 · public s3 · iam · csv export · runs locally
  11. aws cloudtrail forensic deep analyzer: drop cloudtrail json logs · detect privilege escalation paths · credential theft · data exfiltration · lateral movement between services · unusual api patterns · flag attacker ips · runs locally
  12. github audit log analyzer: drop github enterprise audit log json or csv export · parse repository and organization events · surface suspicious access patterns, force pushes, secret scanning alerts and member changes · reconstruct git activity timeline · runs locally
  13. office365 audit log analyzer: drop m365 unified audit log json or csv · flag inbox forward rules · mailbox forwarding · bulk downloads · global admin role adds · high-scope consent · audit log disabled · runs locally
  14. kubernetes forensics analyzer: drop k8s audit json and pod rbac yaml · flag privileged pods · docker.sock hostpath · cluster-admin bindings · exec bursts · secrets bulk reads · runs locally
  15. microsoft 365 unified audit log analyzer: drop m365 unified audit log csv or json export · parse all audit events across exchange, sharepoint, teams, onedrive and azure ad · surface suspicious operations, privilege changes and data access events · reconstruct user activity timeline · runs locally
  16. aws cloudtrail log forensic analyzer: drop aws cloudtrail json log files or csv export · parse api call records across all aws services · surface credential abuse, privilege escalation, data exfiltration and infrastructure manipulation · reconstruct attacker activity timeline · runs locally