// artifact family
cloud iam / cspm forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- aws cloudtrail iam anomaly forensic analyzerdrop cloudtrail iam event export · parse user/role + action bursts + deny patterns · runs locally
- gcp audit log iam privilege forensic analyzerdrop gcp audit log iam export · parse binding changes + service account keys · runs locally
- azure activity log rbac forensic analyzerdrop azure activity log rbac export · parse role assignment + pim activation · runs locally
- aws iam access analyzer finding forensic analyzerdrop access analyzer finding export · parse resource + finding type + status timeline · runs locally
- wiz cspm misconfiguration forensic analyzerdrop wiz cspm issue export · parse severity + resource + remediation status · runs locally
- lacework cloud security event forensic analyzerdrop lacework alert export · parse policy + entity + anomaly score · runs locally
- orca cloud security alert forensic analyzerdrop orca alert export · parse asset + risk factor + attack path hints · runs locally
- prisma cloud alert forensic analyzerdrop prisma cloud alert export · parse policy + resource + compliance standard · runs locally
- scout suite aws assessment forensic analyzerdrop scout suite html/json assessment export · parse flagged services + rules · runs locally
- cloud iam excessive permission correlatordrop 2+ iam/cspm exports · correlate over-privileged principals graph · runs locally