fatcousin
// artifact family

dns security forensics

10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.

tools
10
catalog slugs
10
processing
local · in browser

tools in this family

ordered as in the forensics catalog. every tool runs locally — no upload, no account.

  1. passive dns resolution history forensic analyzerdrop passive dns export · parse rrset timeline + first/last seen · runs locally
  2. dns over https query log forensic analyzerdrop doh resolver query log · parse qname + rcode + resolver id · runs locally
  3. dns over tls session log forensic analyzerdrop dot session log export · parse client + qname + session duration · runs locally
  4. infoblox dns security log forensic analyzerdrop infoblox rpz/security log · parse policy + action + threat feed · runs locally
  5. cloudflare dns firewall log forensic analyzerdrop cloudflare dns firewall log · parse matched rule + query type · runs locally
  6. aws route53 resolver query log forensic analyzerdrop route53 resolver query log · parse vpc + query name + response · runs locally
  7. domain generation algorithm dns cluster detectordrop dns query corpus export · cluster dga-like qname patterns · runs locally
  8. dns tunneling entropy anomaly detectordrop dns query log export · detect high-entropy subdomain bursts · runs locally
  9. split horizon dns policy violation detectordrop internal vs external resolver exports · detect cross-horizon leaks · runs locally
  10. multi resolver dns timeline correlatordrop 2+ dns log exports · unified qname timeline graph · runs locally
ready