// artifact family
ransomware / leak site forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- ransomware negotiation chat log forensic analyzer · drop negotiation chat export · parse actor aliases + demands + deadline shifts · runs locally
- ransomware victim portal access log forensic analyzer · drop victim portal access log · parse login tokens + download attempts + ip hints · runs locally
- double extortion leak site post forensic analyzer · drop leak site post html/json export · parse victim name + file tree + countdown · runs locally
- leak site onion service metadata forensic extractor · drop onion service descriptor export · parse v3 address + intro points + cert hints · runs locally
- ransom note variant cluster forensic analyzer · drop ransom note text corpus · cluster variants + language + btc address reuse · runs locally
- ransomware initial access staging timeline correlator · drop edr + portal + note exports · correlate staging → encryption timeline · runs locally
- ransomware group affiliate switch detector · drop negotiation + leak post exports · detect rebrand/affiliate handoff patterns · runs locally
- ransomware payment channel trace forensic analyzer · drop payment instructions export · parse btc/xmr/onion callback + amount drift · runs locally
- ransomware tor callback artifact forensic extractor · drop tor hidden service callback log · parse session ids + user-agent + timing · runs locally
- ransomware data exfil manifest forensic analyzer · drop exfil manifest csv/json · parse file counts + paths + upload batch timeline · runs locally