artifact family: network telemetry / ndr
12 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- zeek conn log forensic deep analyzer: drop zeek conn.log · parse session metadata + duration anomalies · runs locally
- zeek dns log forensic deep analyzer: drop zeek dns.log · parse query + answer pairs + dga heuristics · runs locally
- zeek ssl log forensic deep analyzer: drop zeek ssl.log · parse ja3/ja3s + cert subjects + version downgrades · runs locally
- zeek http log forensic deep analyzer: drop zeek http.log · parse request/response + ua + uri anomalies · runs locally
- zeek files log forensic deep analyzer: drop zeek files.log · parse transferred files + hashes + mime · runs locally
- suricata eve log forensic deep analyzer: drop suricata eve.json · parse alerts + flow + protocol metadata · runs locally
- suricata rule match coverage analyzer: drop suricata rule set + eve.json · score detection coverage gaps · runs locally
- arkime pcap session export forensic analyzer: drop arkime session export · parse session metadata · runs locally
- corelight export forensic analyzer: drop corelight export bundle · parse zeek + suricata logs together · runs locally
- darktrace incident export forensic analyzer: drop darktrace incident export · parse model breaches + behaviours · runs locally
- vectra detection export forensic analyzer: drop vectra detection export · parse priority + entities · runs locally
- stealthwatch flow export forensic analyzer: drop cisco stealthwatch flow export · parse flows + behavior · runs locally