// artifact family
edr / xdr platform expansion forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- cybereason censor export forensic analyzer: drop cybereason censor export · parse malop + element + severity · runs locally
- withsecure elements edr export forensic analyzer: drop withsecure elements export · parse detection + host + file · runs locally
- malwarebytes nebula threat export forensic analyzer: drop nebula threat export · parse endpoint + threat + action · runs locally
- microsoft defender xdr incident export forensic analyzer: drop defender xdr incident export · parse alert + entity + stage · runs locally
- huntress edr incident export forensic analyzer: drop huntress incident export · parse host + persistence + remediation · runs locally
- edr isolation bypass detector: drop edr response log export · detect host isolation bypass · runs locally
- edr tamper evasion detector: drop edr telemetry export · detect sensor tamper/evasion patterns · runs locally
- edr lateral movement chain correlator: drop edr process tree export · reconstruct lateral movement chain · runs locally
- multi edr endpoint timeline correlator: drop 2+ edr endpoint exports · unified host timeline graph · runs locally
- cross edr identity process correlator: drop edr + iam exports · correlate process user to active accounts · runs locally