// artifact family
ics vendor / hmi platform forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- inductive automation ignition audit log forensic analyzerdrop ignition audit export · parse tag + project + user action · runs locally
- siemens wincc audit log forensic analyzerdrop wincc audit export · parse screen + tag + operator · runs locally
- rockwell factorytalk audit log forensic analyzerdrop factorytalk audit export · parse controller + tag + change · runs locally
- ge ifix audit log forensic analyzerdrop ifix audit export · parse alarm + tag + operator · runs locally
- vtscada event log forensic analyzerdrop vtscada event export · parse alarm + device + ack · runs locally
- hmi tag database change detectordrop hmi tag db export · detect unauthorized tag modifications · runs locally
- plc program upload anomaly detectordrop plc upload log export · detect off-hours program uploads · runs locally
- scada operator command anomaly detectordrop scada command log export · detect dangerous operator commands · runs locally
- multi hmi alarm timeline correlatordrop 2+ hmi alarm exports · unified scada alarm timeline graph · runs locally
- cross ics hmi network correlatordrop hmi + network flow exports · correlate tag change to ip/session · runs locally