// artifact family
secrets manager / pam forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- aws secrets manager access log forensic analyzerdrop aws secrets manager cloudtrail export · parse secret arn + caller + get/put timeline · runs locally
- azure key vault access audit forensic analyzerdrop azure key vault diagnostic export · parse key/secret operations + caller ip · runs locally
- gcp secret manager access log forensic analyzerdrop gcp secret manager audit export · parse secret version + accessor + iam principal · runs locally
- doppler secrets sync audit forensic analyzerdrop doppler audit log export · parse project + secret + sync target · runs locally
- cyberark privileged access session forensic analyzerdrop cyberark pvwa session export · parse safe + account + recording id · runs locally
- beyondtrust password safe session forensic analyzerdrop beyondtrust session export · parse managed account + jump host + reason · runs locally
- one password connect audit log forensic analyzerdrop 1password connect audit export · parse vault + item + token client · runs locally
- bitwarden secrets manager audit forensic analyzerdrop bitwarden secrets manager audit export · parse project + secret + machine account · runs locally
- secrets rotation failure timeline correlatordrop rotation job log export · correlate failed rotations + stale secret use · runs locally
- cross vault secret access correlatordrop 2+ vault/secret manager exports · correlate principal + secret name overlap · runs locally