fatcousin
// artifact family

timestamp & log forensics

14 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.

tools
14
catalog slugs
14
processing
local · in browser

tools in this family

ordered as in the forensics catalog. every tool runs locally — no upload, no account.

  1. timestamp cross-source validatordrop mft exif filesystem document and log csvs · cross-source timestamp contradictions · authenticity score · export csv · runs locally
  2. timezone conflict and inference tooldrop multiple forensic csvs · infer utc offsets · detect timezone contradictions · unified timeline export · runs locally
  3. system clock skew forensic analyzerdrop multi-system log exports · skew matrix · ntp evidence · causal violations · corrected timeline csv · runs locally
  4. daylight saving time artifact analyzerdrop event log or forensic csvs · skipped and repeated hour detection · dst transition calendar · export csv · runs locally
  5. timestamp precision and resolution analyzerdrop mft or artifact csvs · sub-second precision patterns · synthetic timestamp detection · digit distribution · export csv · runs locally
  6. log gap statistical anomaly detectordrop timestamped log csv · model event frequency · detect improbable gaps · poisson scoring · multi-log correlation · export csv · runs locally
  7. file birth time deep analyzerdrop mft csv · compare si vs fn vs indx · detect birth time inconsistencies · copy vs create · export csv · runs locally
  8. ntfs file born-time consensus enginedrop mft csv · usn journal csv · logfile operation export · indx csv · correlate all four timestamp sources for every file · produce consensus born-time with confidence score · expose disagreements that prove tampering · runs locally
  9. filesystem clock accuracy validatordrop a disk image or mft csv with event logs · cross-correlate timestamps with ntp sync events · tls certificate timestamps · email received headers · establish how accurate the system clock actually was · detect deliberate clock manipulation · runs locally
  10. filesystem event lsn ordering validatordrop logfile operation csv and mft csv · use log sequence numbers as tamper-resistant event ordering · prove which file system events occurred first · expose timestamp inversions that are physically impossible · validate or invalidate claimed event sequences · runs locally
  11. log file authenticity and integrity scorerdrop any log file · verify internal consistency · line endings · timestamps · detect log injection · fabrication indicators · authenticity score · runs locally
  12. windows etl event trace log parserdrop windows etl binary files · parse event trace log format · decode provider guids · bits wfp dns extraction · export csv · runs locally
  13. log ingestion gap and silent host detectordrop siem export or event log collector export · identify machines that stopped sending logs · calculate expected vs actual log volume per host · detect hosts that went dark · flag suspicious silences · runs locally
  14. unified login session reconstructordrop 4624 evtx · rdp logs · vpn logs · ssh logs · browser cookie databases · srum csv · build one unified session per user per day across all authentication sources · identify gaps · flag impossible sessions · runs locally
ready