// artifact family
container / orchestration expansion
23 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- aks audit log forensic analyzer: drop aks audit log · parse api + admin events
- argocd audit log forensic analyzer: drop argocd audit log · parse gitops sync events
- buildah build log forensic analyzer: drop buildah build log · parse layer build sequence
- container registry pull log forensic analyzer: drop generic oci registry pull log · parse image pulls + originating ip
- containerd runtime state forensic analyzer: drop containerd state dir + log · parse container lifecycle events
- cri o runtime log forensic analyzer: drop cri-o log · parse pod lifecycle
- eks audit log forensic analyzer: drop eks control-plane audit log · parse api events
- flux cd audit log forensic analyzer: drop flux controller log · parse reconciliation events
- gke audit log forensic analyzer: drop gke audit log · parse api + admin events
- harbor registry audit log forensic analyzer: drop harbor audit log · parse image push/pull/scan events
- hashicorp consul audit log forensic analyzer: drop consul audit log · parse kv + service events
- hashicorp nomad job log forensic analyzer: drop nomad job log · parse allocation events
- hashicorp vault audit log forensic analyzer: drop vault audit json · parse secret access + lease events
- k3s audit log forensic analyzer: drop k3s audit log · parse api server events
- kubernetes privilege escalation detector: drop k8s audit log · detect role/clusterrole escalation patterns
- kubernetes secret exfil pattern detector: drop k8s audit log · detect mass secret reads + token usage anomalies
- kubernetes service account token abuse detector: drop k8s audit log · detect sa token usage from unexpected pods
- lxc lxd container forensic analyzer: drop lxc/lxd storage pool · parse container snapshots + config
- microk8s audit log forensic analyzer: drop microk8s audit log · parse api events
- openshift audit log forensic analyzer: drop openshift audit log · parse api + project events
- podman container artifact forensic extractor: drop podman rootful/rootless storage · parse containers + images + volumes
- rancher audit log forensic analyzer: drop rancher audit log · parse multi-cluster admin events
- spinnaker audit log forensic analyzer: drop spinnaker audit log · parse pipeline + stage events