// artifact family
email security gateway forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- proofpoint tap alert export forensic analyzer: drop proofpoint tap alert export · parse threat id + sender + url rewrite · runs locally
- mimecast message tracking log forensic analyzer: drop mimecast tracking export · parse delivery route + held/rejected + impersonation · runs locally
- barracuda email security log forensic analyzer: drop barracuda ess log export · parse spam/virus/phish scores + actions · runs locally
- microsoft defender office365 message trace forensic analyzer: drop m365 message trace export · parse delivery status + threat detections · runs locally
- cisco email security appliance log forensic analyzer: drop cisco esa mail log export · parse dlp + outbreak + quarantine events · runs locally
- forcepoint email security gateway log forensic analyzer: drop forcepoint esg log export · parse policy hits + sandbox verdict · runs locally
- email url rewrite chain forensic analyzer: drop secure link rewrite export · parse original vs wrapped url chains · runs locally
- phishing kit landing page artifact forensic extractor: drop captured phish kit html/js export · parse form targets + exfil endpoints · runs locally
- bec impersonation thread forensic analyzer: drop gateway + mailbox exports · detect display-name spoof + reply-to drift · runs locally
- email security gateway quarantine release forensic analyzer: drop quarantine release audit export · parse reviewer + release reason timeline · runs locally