// artifact family
deception / honeypot platform forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- thinkst canary incident export forensic analyzerdrop canary incident export · parse token + attacker ip + action · runs locally
- smokescreen deception event forensic analyzerdrop smokescreen event export · parse decoy + interaction + severity · runs locally
- trapx deception incident forensic analyzerdrop trapx incident export · parse trap + attacker + stage · runs locally
- countercraft deception log forensic analyzerdrop countercraft log export · parse decoy + lure + engagement · runs locally
- illusive networks deception export forensic analyzerdrop illusive export · parse endpoint + deception + policy · runs locally
- honeypot decoy interaction burst detectordrop deception event export · detect decoy interaction bursts · runs locally
- deception lateral movement chain correlatordrop deception export · reconstruct lateral movement via decoys · runs locally
- decoy credential use detectordrop deception credential export · detect decoy credential authentication · runs locally
- multi honeypot incident timeline correlatordrop 2+ deception exports · unified attacker timeline graph · runs locally
- cross honeypot edr endpoint correlatordrop deception + edr exports · correlate decoy hit to endpoint alert · runs locally