fatcousin
// evidence type

slack / teams export

workspace export zip · compliance hold bundle · teams json export. channel timelines, deleted-message gaps, file shares — workplace and IP cases.

tools
12
priority
M
processing
local · in browser

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this evidence type.

  1. slack export analyzerdrop a Slack workspace export ZIP · browse channels · users · messages · DMs · file sharing activity · timeline · export CSV · runs locally
  2. slack export forensic analyzerdrop slack workspace export zip or individual channel json files · parse all messages files and users · reconstruct conversation threads · surface file sharing deleted message indicators and user activity patterns · runs locally
  3. slack desktop forensicsdrop slack app data files · parse conversations · channels · users · files · leveldb cache · sqlite databases · runs locally
  4. microsoft teams export forensic analyzerdrop teams export zip or eDiscovery teams json export · parse messages channels and user activity · reconstruct conversation threads and meeting records · surface file sharing deleted messages and guest access events · runs locally
  5. microsoft teams forensicsdrop teams app data files · parse messages · channels · users · calls · leveldb sqlite · runs locally
  6. slack space analyzerdrop a disk image · identify slack space between end of file data and end of cluster · scan for data hidden in slack · visualize · runs locally
  7. natural language writing sample authorship comparatordrop multiple text files or paste writing samples · compute 40 plus stylometric features · sentence length distribution · vocabulary richness · function word frequencies · punctuation patterns · produce similarity score with confidence intervals between samples · runs locally
  8. email thread reconstructordrop multiple .eml files · Message-ID References In-Reply-To tree · missing parent flags · flat timeline · CSV export · runs locally

also useful · secondary tools

supporting and follow-up tools. surface as the investigation widens.

  1. tracked changes forensic reconstructordrop docx file · extract all tracked insertions deletions and format changes · reconstruct the full editing history by author · surface deleted content and identify who removed what · runs locally
  2. document metadata inconsistency finderdrop docx xlsx pptx pdf · core app props vs pdf info · temporal author revision heuristics · tracked changes timeline · runs locally
  3. chain of custody gap detectorpaste custody log csv · time gaps over threshold · missing signatures · export findings csv · runs locally
  4. case report generatorfill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally
ready