fatcousin
// artifact family

file analysis & triage

25 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.

tools
25
catalog slugs
25
processing
local · in browser

tools in this family

ordered as in the forensics catalog. every tool runs locally — no upload, no account.

  1. file autopsydrop any file · magic bytes · real format vs extension · entropy · hex header · embedded signatures · damage assessment · runs locally
  2. super file analyzerdrop any file · runs autopsy · entropy · strings · polyglot check · overlay scan · packer detection · outputs one unified forensic report · runs locally
  3. file carverscan any binary for embedded files · JPEG · PNG · PDF · ZIP · MP4 · SQLite · 30+ signatures · extract all · download zip · runs locally
  4. entropy mappervisualize entropy across any file · heatmap by block · find encrypted regions · embedded files · corruption boundaries · runs locally
  5. file entropy slicerdrop any file · interactive entropy heatmap with zoom · click any block to inspect hex · detect encrypted regions · compressed sections · hidden data boundaries · runs locally
  6. overlay / appended data extractordrop any file · find EOF marker for JPEG · ZIP · PDF · PNG · extract data appended after EOF · detect format of appended payload · runs locally
  7. polyglot file detectordrop a file · test against multiple format parsers simultaneously · detect files that satisfy two formats at once · JPEG+ZIP · PDF+ZIP · HTML+ZIP · runs locally
  8. embedded script detectordrop any file · scan for embedded JavaScript · VBA · PowerShell · Python · shell · eval chains · base64 decode sequences · suspicious URLs · runs locally
  9. corrupt image detectorbatch drop photos · check every file for corruption · truncation · bad EXIF · mismatched dimensions · export report · runs locally
  10. checksum verifierdrop a file · paste expected MD5 · SHA1 · SHA256 · SHA512 · verify download integrity · runs locally
  11. evidence manifest generatordrop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally
  12. file signature batch scannerdrop hundreds of files · detect extension mismatch · magic bytes vs declared extension · batch triage · export report · runs locally
  13. powershell deobfuscatorpaste obfuscated powershell · base64 utf-16 · deflate gzip · concat replace · char arrays · multi-pass · iocs · runs locally
  14. javascript deobfuscatorpaste obfuscated javascript · packed js · fromcharcode · atob · hex unicode · beautify · html script extract · iocs · runs locally
  15. shellcode analyzerhex base64 binary shellcode · x86 x64 disassembly · peb stack strings · nop sled · xor stub · iocs · runs locally
  16. autoit script analyzercompiled autoit exe or au3 · script extraction · risky calls · persistence · download-run · anti-analysis · iocs · runs locally
  17. pdf javascript deobfuscatorextract javascript from pdf · multi-pass decode · exploit heuristics · heap spray hints · iocs · runs locally
  18. forensic timestamp decoderpaste any timestamp value · decode as Windows FILETIME · Unix · Mac Absolute · .NET ticks · Chrome microseconds · GPS · OLE date · HFS+ · all formats at once · runs locally
  19. zip comment forensicsparse zip raw bytes · eocd archive comment · per-entry cd comments · appended data · sfx detection · csv export · runs locally
  20. obfuscated url decodermulti-line urls · percent hex punycode nfkc homoglyph pipeline · auth ip obfuscation flags · step cards · csv export · runs locally
  21. svg forensicsdrop or paste svg · domparser never render · scripts handlers external refs data uris foreignobject · severity scoring · csv · stripped svg download · runs locally
  22. semantic structure-based file carverdrop a raw disk image or binary · carve files based on internal structure consistency rather than just magic bytes · find jpeg-shaped regions by dct statistics · sqlite-shaped regions by btree structure · pe-shaped regions by section validity · finds files that header-based carvers miss · runs locally
  23. ole2 compound document forensic carverdrop a raw disk image or binary · carve ole2 compound documents from raw bytes using directory structure signatures · recover word excel powerpoint old format files · more reliable than header-only carving · reconstruct compound documents from fragments · runs locally
  24. file carve conflict and overlap resolverdrop a raw disk image · identify regions where multiple file carve candidates overlap · score each candidate using structure validity entropy and context · surface the most likely valid interpretation of contested disk regions · runs locally
  25. partial file forensic completion estimatordrop partial or truncated files · estimate what percentage is present · determine what structure is missing · assess whether missing portions would contain forensically significant content · provide format-specific recovery guidance · runs locally
ready