// artifact family

linux systemd native

17 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.

tools: 17
catalog slugs: 17
processing: local · in browser

tools in this family

ordered as in the forensics catalog. every tool runs locally — no upload, no account.

  1. apparmor profile change forensic analyzer: drop apparmor profile dir + audit · parse profile transitions · runs locally
  2. dbus session log forensic analyzer: drop dbus daemon log · parse method calls + signals + service ownership · runs locally
  3. flatpak installation artifact forensic extractor: drop /var/lib/flatpak + ~/.local/share/flatpak · parse installed apps + remotes · runs locally
  4. gnome recent files forensic extractor: drop ~/.local/share/recently-used.xbel · parse recent files + apps · runs locally
  5. selinux audit log forensic analyzer: drop /var/log/audit/audit.log · parse avc + syscall messages · runs locally
  6. selinux policy diff forensic analyzer: drop two selinux policy dumps · diff booleans + modules + contexts · runs locally
  7. snap package artifact forensic extractor: drop /var/lib/snapd · parse installed snaps + revisions + interfaces · runs locally
  8. systemd journal binary forensic analyzer: drop systemd journal .journal · parse messages + cursors + units · runs locally
  9. systemd timer persistence abuse detector: drop systemd timer + service inventory · detect timer-as-persistence patterns · runs locally
  10. systemd unit and timer forensic analyzer: drop /etc/systemd + /lib/systemd dump · parse units + timers + drop-ins + dependencies · runs locally
  11. appimage execution trace forensic analyzer: drop ~/.cache + ~/.local + journal · trace appimage execution events · runs locally
  12. firewalld direct rule modification detector: drop firewalld log + config · detect direct rule abuse · runs locally
  13. gnome tracker database forensic extractor: drop gnome tracker db · parse indexed files + metadata · runs locally
  14. kde baloo index forensic extractor: drop kde baloo index · parse indexed files + metadata · runs locally
  15. nftables rule change forensic analyzer: drop nftables ruleset dump + journal · parse rule diff · runs locally
  16. systemd resolved dns cache forensic extractor: drop systemd-resolved cache · parse cached records · runs locally
  17. ufw rule change forensic analyzer: drop ufw log · parse rule changes + deny/allow stats · runs locally