// artifact family
incident response & reporting
28 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- super timeline builder: drop multiple forensic artifact files · unified timeline · merge evtx registry prefetch lnk browser history mft · correlate events · export · runs locally
- forensic timeline builder: drop CSV exports from any forensic tool · merge EVTX · prefetch · LNK · browser history · recycle bin into one chronological timeline · filter · export · runs locally
- incident timeline builder: drop multiple CSVs with timestamps from any forensic tool · merge into unified chronological timeline · entity tagging · filter by source · export full timeline · runs locally
- multi-artifact correlator: drop CSV exports from any forensic tool · correlate by filename · hash · IP · user across sources · surface cross-artifact matches · export report · runs locally
- lateral movement chain visualizer: drop evtx csvs · link logon service creation and remote execution events · reconstruct multi-hop chains · runs locally
- ransomware encryption onset timer: drop mft csv and evtx csv · pinpoint the exact moment encryption began · identify patient zero file · work backward to find initial access · correlate with attacker actions · runs locally
- ransomware pre-encryption staging detector: drop evtx csv and mft csv · identify pre-encryption staging behaviors · network scanning · credential dumping · data exfiltration before encryption · lateral movement artifacts · runs locally
- double extortion evidence collector: drop mft csv · evtx csv · proxy logs · identify data staging directories · compression artifacts · cloud upload indicators · estimate what data was stolen before encryption · runs locally
- backup deletion artifact analyzer: drop evtx csvs and vss registry exports · parse deliberate backup deletion across windows backup · veeam artifacts · backup exec artifacts · correlate with ransomware timeline · runs locally
- threat score dashboard: drop multiple forensic CSV exports · score each artifact by risk weight · surface top threats · unified anomaly view · entity-level scoring · export report · runs locally
- hash set comparer: drop or paste two hash lists · find matches · unique to each set · NSRL known-good filtering · malware hash matching · export diff CSV · runs locally
- case report generator: fill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally
- evidence manifest generator: drop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally
- mass rename detector: drop a file listing or dir output · detect bulk renames within short time windows · flag ransomware extension patterns · visualize rename timeline · export CSV · runs locally
- suspicious extension scanner: drop a file listing or dir output · scan against 500+ known ransomware extensions · flag double extensions · hidden executables · unusual changes · export report · runs locally
- spoliation evidence detector: drop mft or evtx csv · mass delete bursts · timeline gaps · anti-forensics flags · export csv · runs locally
- redaction quality verifier: drop pdf or image · text under redact · incomplete black boxes · canvas pixel scan · runs locally
- chain of custody gap detector: paste custody log csv · time gaps over threshold · missing signatures · export findings csv · runs locally
- incident scope & blast radius estimator: drop lateral movement csvs · host connection logs · active directory exports · estimate total affected hosts · identify the blast radius · map credential exposure scope · assess data at risk · runs locally
- attacker dwell time calculator: drop multiple forensic artifact csvs · identify earliest attacker artifact · calculate total dwell time · map attack phase timeline · identify detection gap · compare to industry benchmarks · runs locally
- ioc deduplicator and normalizer: drop multiple ioc lists from any format · deduplicate · normalize · classify by type · validate format · enrich with context · export in stix csv and plain text formats · runs locally
- multi-source entity resolver: drop forensic csvs · resolve names emails usernames ips across sources · probabilistic entity profiles · runs locally
- investigation knowledge graph builder: drop forensic csv exports · extract entities and relationships · knowledge graph visualization · hub and path analysis · runs locally
- forensic artifact confidence scorer: drop forensic finding csvs · score chain of custody · reliability · corroboration · output is a heuristic confidence triage · not an admissibility determination · runs locally
- recovery prioritization matrix generator: drop affected asset inventory with business criticality ratings · generate prioritized recovery sequence · consider dependencies · rto rpo requirements · available resources · output sequenced recovery plan · runs locally
- lessons learned report generator: drop investigation findings csvs · timeline exports · tool detection reports · generate structured post-incident lessons learned document · root cause · timeline · impact · recommendations · all locally from evidence · runs locally
- attacker tool inventory builder: drop all detection csvs from other fatcousin tools · aggregate every detected tool into unified attacker toolkit profile · map to mitre attack · identify sophistication level · infer threat actor type · runs locally
- evidence of evidence deletion detector: drop mft csv · usn journal · evtx csvs · prefetch csvs · prove that specific forensic artifacts were deliberately destroyed · mft entries for deleted tool execution logs · prefetch for cleanup utilities · usn entries for mass deletions · the meta-forensic layer · runs locally