// artifact family
virtualization / hypervisor forensics
10 browser-only forensics tools in this catalog group — browse by artifact family when you know the kind of evidence you are working with, not the investigation pattern.
tools in this family
ordered as in the forensics catalog. every tool runs locally — no upload, no account.
- vmware vcenter audit log forensic analyzerdrop vcenter audit log export · parse user + target + task name · runs locally
- microsoft hyper v event log forensic analyzerdrop hyper-v event log export · parse vm + host + integration service · runs locally
- proxmox ve task log forensic analyzerdrop proxmox task log export · parse node + vmid + task result · runs locally
- nutanix prism audit log forensic analyzerdrop nutanix prism audit export · parse entity + operation + cluster · runs locally
- ovirt engine event log forensic analyzerdrop ovirt engine event export · parse vm + host + quota · runs locally
- vm snapshot deletion anomaly detectordrop hypervisor snapshot audit export · detect mass snapshot purge · runs locally
- hypervisor console access forensic analyzerdrop vm console access log · parse user + vm + session duration · runs locally
- virtual machine migration timeline correlatordrop vmotion/live migration log export · unified vm move timeline · runs locally
- rogue vm clone detectordrop vm inventory export · detect unauthorized clones + uuid drift · runs locally
- multi hypervisor inventory correlatordrop 2+ hypervisor inventory exports · correlate vm uuid + name overlap · runs locally