// artifact family

mobile anti-forensics

15 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.

tools: 15 · catalog slugs: 15 · processing: local · in browser

tools in this family

ordered as in the forensics catalog. every tool runs locally — no upload, no account.

  1. mobile app deletion burst artifact detector: drop iOS or Android app install/uninstall records (iTunes backup Manifest.db, knowledgeC.db, ApplicationState.db, Android packages.xml, MobileInstallation.log, or logcat) · detect bursts of app deletions in short time windows · identify forensically significant app categories deleted · surface deletion timing relative to acquisition date · distinguish normal app management from pre-examination evidence destruction · runs locally
  2. mobile conversation deletion pattern detector: drop iOS sms.db, WhatsApp ChatStorage.sqlite, Signal signal.sqlite, or Android mmssms.db with optional comparison versions · detect patterns of conversation deletion across all messaging platforms · surface contact-specific deletion, temporal deletion windows, and pre-acquisition cleanup · distinguish normal message management from targeted evidence destruction · runs locally
  3. mobile factory reset evidence artifact detector: drop iOS backup Info.plist / Status.plist or Android recovery logs, getprop output, and filesystem listings · detect artifacts indicating a factory reset occurred · distinguish first-time setup from post-reset setup · surface data remnants that survived the reset · assess completeness of the wipe · runs locally
  4. mobile remote wipe artifact detector: drop iOS backup files, MDM enrollment plists, or Android DevicePolicyManager logs and logcat output · detect evidence of remote wipe commands being issued or executed · identify the wipe initiator (MDM, Find My iPhone, Google Find My Device, Samsung Find My Mobile) · surface wipe timing and scope · assess whether wipe was completed or interrupted · runs locally
  5. mobile date and time manipulation artifact detector: drop iOS backup databases or Android listings · multi-source timestamp analysis · GPS EXIF vs system clock · build date anchor · sequential rowid integrity · midnight/future clustering · runs locally
  6. mobile airplane mode artifact timeline analyzer: drop knowledgeC.db, logcat, or powerlog · reconstruct airplane mode sessions · correlate offline periods with app activity · duration and frequency patterns · runs locally
  7. mobile vpn activation pattern artifact analyzer: drop netusage.sqlite, knowledgeC.db, or logcat · vpn tunnel timeline · utun interface traffic · kill switch heuristics · sensitive app correlation · runs locally
  8. mobile privacy mode app usage artifact detector: drop knowledgeC.db, screen time, or usage stats · privacy browser and e2e app sessions · orchestration pattern detection · private browsing coverage · runs locally
  9. mobile screen time manipulation artifact detector: drop screen time db + knowledgeC · cross-source ratio · pickup consistency · clearing events · reliability assessment · runs locally
  10. mobile location services disable artifact detector: drop powerlog, knowledgeC, routined cache, logcat · location off timeline · visit gaps · pre-acquisition disable · runs locally
  11. mobile find my disable artifact detector: drop iCloud find my plists · unified log · android logcat · disable timeline · anti-forensic correlation · runs locally
  12. mobile biometric change artifact detector: drop unified log · biometrickitd plist · android logcat · enrollment delete bursts · pre-acquisition significance · runs locally
  13. mobile passcode change burst artifact detector: drop iOS logs, plists, or Android logcat and locksettings database · detect passcode change events · surface credential type changes · identify passcode change bursts · assess complexity weakening · runs locally
  14. mobile app permission revocation burst artifact detector: drop iOS TCC database, unified logs, or Android runtime-permissions.xml and logcat · detect permission revocation bursts · flag camera, microphone, location revocations · surface pre-acquisition evidence gaps · runs locally
  15. mobile notification disable pattern artifact detector: drop iOS notification plists, Screen Time database, or Android logcat and notification policy · detect notification disable bursts · flag messaging and banking app silencing · Screen Time notification drops · runs locally