// artifact family
ngfw / firewall platform forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- palo alto traffic log forensic analyzer: drop palo alto traffic log export · parse app-id + rule + session end reason · runs locally
- fortinet fortigate traffic log forensic analyzer: drop fortigate traffic log export · parse policy id + utm refs + action · runs locally
- checkpoint firewall log forensic analyzer: drop checkpoint log export · parse blade + rule + nat hints · runs locally
- cisco firepower connection log forensic analyzer: drop firepower connection event export · parse intrusion policy + file action · runs locally
- juniper srx flow log forensic analyzer: drop srx flow session log export · parse zone + policy + service · runs locally
- sophos firewall traffic log forensic analyzer: drop sophos xg traffic log export · parse fw rule + app control + web filter · runs locally
- watchguard firebox traffic log forensic analyzer: drop watchguard traffic log export · parse policy + geolocation + ips hit · runs locally
- pfsense filterlog forensic analyzer: drop pfsense filterlog export · parse rule number + interface + action · runs locally
- opnsense firewall log forensic analyzer: drop opnsense firewall log export · parse alias + gateway + block/pass · runs locally
- multi ngfw traffic correlator: drop 2+ ngfw traffic exports · correlate src/dst + app overlap · runs locally