// artifact family
endpoint dlp forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- microsoft purview dlp incident forensic analyzerdrop purview dlp incident export · parse policy + sensitive info types + actions · runs locally
- forcepoint dlp incident log forensic analyzerdrop forcepoint dlp event export · parse channel + severity + destination · runs locally
- symantec dlp incident export forensic analyzerdrop symantec/broadcom dlp incident export · parse rule + endpoint + match count · runs locally
- netskope dlp alert forensic analyzerdrop netskope dlp alert export · parse app + activity + policy hit · runs locally
- digital guardian dlp event forensic analyzerdrop digital guardian event export · parse operation + file path + user · runs locally
- proofpoint dlp violation forensic analyzerdrop proofpoint dlp violation export · parse channel + dictionary + action taken · runs locally
- endpoint dlp usb exfil block log analyzerdrop endpoint dlp usb block log · parse device id + file hash + policy · runs locally
- dlp false positive pattern cluster detectordrop dlp incident corpus export · cluster repeated benign matches · runs locally
- dlp policy severity escalation correlatordrop dlp incident timeline export · detect severity jumps + repeat offender · runs locally
- multi vendor dlp incident correlatordrop 2+ dlp vendor exports · correlate user + file hash overlap · runs locally