// industry vertical
backup / disaster recovery forensics
Veeam · Rubrik · Commvault · Acronis · Datto BCDR · AWS Backup · Azure RSV · backup deletion anomalies · ransomware target tampering · multi-vendor backup timeline correlation.
start here · primary tools
ordered. work top-down. the first tool is the suggested entry point for this vertical.
- veeam backup job session forensic analyzer: drop veeam backup session export · parse job + vm + result + warning · runs locally
- rubrik backup snapshot audit forensic analyzer: drop rubrik event export · parse sla domain + snapshot + legal hold · runs locally
- backup deletion anomaly detector: drop backup audit log export · detect mass delete + off-hours purge · runs locally
- ransomware backup target tampering detector: drop backup repository audit export · detect encryption/delete on backup targets · runs locally
- case report generator: fill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally
also useful · secondary tools
cross-cutting tools that surface depending on the specific investigation.
- commvault backup job log forensic analyzer: drop commvault job history export · parse subclient + media + failure code · runs locally
- acronis backup task export forensic analyzer: drop acronis backup task export · parse plan + agent + result status · runs locally
- datto bcdr restore point forensic analyzer: drop datto bcdr snapshot export · parse device + restore point + verification · runs locally
- aws backup recovery point forensic analyzer: drop aws backup recovery point export · parse vault + resource + lifecycle · runs locally
- azure recovery services vault backup forensic analyzer: drop azure rsv backup item export · parse policy + last backup + health · runs locally
- multi vendor backup timeline correlator: drop 2+ backup vendor exports · unified job timeline graph · runs locally
- evidence manifest generator: drop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally
want deeper backup / DR coverage?
this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.