// artifact family
email forensics
32 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- email header analyzer: paste raw email headers · trace hop-by-hop routing · SPF · DKIM · DMARC · detect spoofing · visualize delivery path · runs locally
- email header chain visualizer: paste raw email headers · visualize routing chain · hop timestamps · delays · ip classification · spf dkim dmarc · spoofing analysis · runs locally
- phishing email header analyzer: paste email headers · trace delivery hop chain · flag SPF · DKIM · DMARC mismatches · extract sender IPs · detect header injection · identify spoofing · runs locally
- eml / msg parser: drop a .eml or .msg file · extract headers · body · attachments · MIME parts · metadata · runs locally
- email carver: drop any binary · disk image · memory dump · scan for rfc 2822 email headers · extract complete emails · reconstruct eml files · runs locally
- eml deep analyzer: drop an eml file · full mime parsing · routing headers · spf dkim dmarc · attachment extraction · ioc extraction · spoofing detection · runs locally
- email attachment scanner: drop .eml or .msg · extract every attachment · check MIME type vs actual content · flag macro-enabled docs · executables disguised as other formats · export inventory · runs locally
- mbox reader: drop a .mbox archive (Thunderbird · Gmail Takeout) · list all messages · headers · body · attachments · export individual .eml files · runs locally
- mbox analyzer: drop an mbox file · parse all messages · timeline · sender network · search · attachment inventory · runs locally
- pst / ost reader: drop an Outlook .pst or .ost file · detect magic bytes · extract readable strings · heuristic message structure detection · export addresses and subjects · runs locally
- nk2 autocomplete parser: drop Outlook .nk2 or stream_autocomplete dat · MAPI display and SMTP rows · 2013+ magic scan · table export · runs locally
- mail rule parser: drop Outlook rules.dat or Thunderbird msgFilterRules.dat · rule names conditions actions · flag suspicious forward redirect · CSV export · runs locally
- email thread reconstructor: drop multiple .eml files · Message-ID References In-Reply-To tree · missing parent flags · flat timeline · CSV export · runs locally
- dkim verifier: paste raw email and DKIM public key · relaxed canonicalization · body bh hash · WebCrypto RSA verify · step-by-step results · runs locally
- calendar invite and meeting forensic analyzer: drop ics files or calendar exports · meeting history · attendees · recurrence · organizer graph · suspicious patterns · csv export · runs locally
- email bounce and ndr forensic analyzer: drop bounced eml or ndr messages · delivery failure codes · mail infrastructure map · valid vs invalid recipients · csv export · runs locally
- email thread reconstructor: drop multiple eml files or mbox · reconstruct conversation threads using message-id in-reply-to and references headers · visualize reply chains · surface missing messages in threads and identify thread hijacking · runs locally
- .eml / .msg email header chain analyzer: drop eml or msg email file or paste raw headers · parse all headers · reconstruct the full routing chain · extract all forensically significant fields · surface inconsistencies in the header chain · runs locally
- email spoofing and SPF/DKIM/DMARC header validator: paste raw email headers or drop eml file · validate authentication headers · detect spoofing indicators · surface spf dkim and dmarc results · identify header inconsistencies indicating spoofed or forged email · runs locally
- PST / MBOX artifact timeline builder: drop mbox file or pst csv export · parse all email records · build chronological message timeline · surface communication patterns gaps and anomalies · reconstruct folder structure and label history · runs locally
- received header hop analyzer: paste raw email headers or drop eml · parse all received headers · reconstruct smtp routing path hop by hop · compute per-hop timing · surface anomalous delays private ips and inconsistent hostnames · runs locally
- email delay anomaly detector: drop multiple eml files or mbox · detect unusual delays in email delivery · identify emails that sat in queues longer than expected · surface time manipulation and retrograde timestamp anomalies across message batches · runs locally
- email metadata stripping detector: drop eml files or paste headers · detect evidence that metadata was stripped from the email before sending · identify missing headers that should be present · surface privacy-enhancing metadata removal indicating deliberate anonymization · runs locally
- email reply-chain reconstructor: drop eml files or mbox · extract and reconstruct quoted reply chains from email bodies · surface original messages hidden in reply threads · identify content added at each reply stage · detect reply chain manipulation · runs locally
- email timezone inference tool: drop multiple eml files or mbox · infer sender timezone from email date headers and received timestamps · reconstruct sender working hours · surface timezone inconsistencies across a correspondence set · runs locally
- email attachment hash extractor and analyzer: drop eml files or mbox · extract all attachments · compute md5 sha1 sha256 hashes · identify file types by magic bytes · surface suspicious attachment types and hash-based threat intel lookup links · runs locally
- phishing URL extractor from email body: drop eml files or paste email body html · extract all urls from email body and headers · decode obfuscated and redirected urls · surface phishing indicators and malicious link patterns · runs locally
- mailer and email client fingerprint identifier: drop eml files or paste headers · identify the email client or service that sent the message · detect inconsistencies between claimed and actual mailer · surface forged x-mailer headers and mailer fingerprint mismatches · runs locally
- email impersonation pattern detector: drop multiple eml files or paste headers · detect display name spoofing domain lookalikes and reply-to hijacking · identify impersonation patterns targeting specific individuals or organizations · surface BEC and CEO fraud indicators · runs locally
- email client fingerprint deep analyzer: drop eml files · perform deep multi-signal fingerprinting of the email client or service · cross-reference message-id mime structure encoding and header patterns · produce a confidence-ranked list of likely senders · runs locally
- email HTML payload extractor and analyzer: drop eml files · extract html body from mime · analyze html structure for malicious patterns · surface embedded scripts iframes tracking pixels and obfuscated content · runs locally
- email encoding anomaly detector: drop eml files or paste raw email · detect unusual or inconsistent encoding in email headers and body · surface charset mismatches double encoding and deliberate encoding obfuscation · identify encoding used to bypass filters · runs locally