// artifact family
database forensics beyond sqlite
30 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- mysql binary log binlog forensic analyzer: drop mysql binlog · parse row + statement events · reconstruct write timeline · runs locally
- mysql general query log forensic analyzer: drop mysql general_log csv · parse every query executed with timestamps · runs locally
- mysql slow query log forensic analyzer: drop mysql slow query log · parse expensive queries + originating user · runs locally
- mysql error log forensic analyzer: drop mysql error log · parse crashes + auth failures + privilege grants · runs locally
- postgresql wal write ahead log forensic analyzer: drop pg_wal segment · parse redo records · reconstruct write history · runs locally
- postgresql csv log forensic analyzer: drop postgresql csvlog · parse statement + duration + user · runs locally
- postgresql pg stat statements forensic analyzer: drop pg_stat_statements export · surface heavy / recent queries by user · runs locally
- mongodb oplog forensic analyzer: drop mongodb local.oplog.rs export · parse insert/update/delete ops + replication state · runs locally
- mongodb audit log forensic analyzer: drop mongodb auditLog.json · parse authn + privilege events · runs locally
- redis aof append only file forensic analyzer: drop redis appendonly.aof · parse command stream · reconstruct write history · runs locally
- redis rdb snapshot forensic analyzer: drop redis dump.rdb · parse stored keys + types + ttls · runs locally
- cassandra commitlog forensic analyzer: drop cassandra commitlog segment · parse mutation records · runs locally
- cassandra system audit log forensic analyzer: drop cassandra audit log · parse cql statements + user · runs locally
- influxdb wal forensic analyzer: drop influxdb wal segment · parse point writes · runs locally
- timescaledb chunk forensic analyzer: drop timescaledb chunk export · surface hypertable activity · runs locally
- neo4j transaction log forensic analyzer: drop neo4j neostore.transaction.db.* · parse graph mutation history · runs locally
- dynamodb streams event forensic analyzer: drop dynamodb streams capture · parse insert/modify/remove events · runs locally
- elasticsearch audit log forensic analyzer: drop elasticsearch _audit log · parse api access + query body · runs locally
- elasticsearch translog forensic analyzer: drop elasticsearch translog · parse pending operations · runs locally
- opensearch audit log forensic analyzer: drop opensearch audit log · parse access events · runs locally
- clickhouse query log forensic analyzer: drop clickhouse system.query_log export · parse query + user + duration · runs locally
- oracle redo log forensic analyzer: drop oracle redo log (logminer output) · parse dml/ddl by user/session · runs locally
- oracle audit trail forensic analyzer: drop oracle dba_audit_trail export · parse user actions + privileges used · runs locally
- sql server transaction log forensic analyzer: drop sql server .ldf parse via fn_dblog export · reconstruct write history · runs locally
- sql server extended events forensic analyzer: drop sql server xevent xel · parse session events · runs locally
- mariadb binlog forensic analyzer: drop mariadb binlog · parse row events · runs locally
- cockroachdb audit log forensic analyzer: drop cockroachdb audit log · parse statement + user · runs locally
- snowflake account usage forensic analyzer: drop snowflake account_usage views export · parse logins + queries + grants · runs locally
- bigquery audit log forensic analyzer: drop bigquery cloud audit log · parse job execution + reads + cost · runs locally
- databricks audit log forensic analyzer: drop databricks workspace audit log · parse notebook runs + access events · runs locally