// industry vertical

certificate / PKI forensics

CT logs · PKCS12 keystores · code-signing chains · TLS client auth · ACME issuance · Certbot · Windows certutil · macOS keychain trust · OCSP/CRL revocation · AD CS template misuse across cert lifecycle exports.

tools: 12
priority: H
processing: local · in browser

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this vertical.

  1. certificate transparency log forensic analyzer: drop ct log entry export · parse issuer + sans + precert/notary · runs locally
  2. code signing certificate chain forensic analyzer: drop signed binary + cert chain export · parse publisher + timestamp + eku · runs locally
  3. enterprise pki template misuse detector: drop ad cs issuance log export · detect suspicious template + subject patterns · runs locally
  4. revoked certificate ocsp crl forensic analyzer: drop ocsp/crl check log export · parse serial + revocation time + reason · runs locally
  5. case report generator: fill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally

also useful · secondary tools

cross-cutting tools that surface depending on the specific investigation.

  1. pkcs12 keystore metadata forensic extractor: drop pkcs12/pfx metadata export · parse friendly name + cert count + expiry · runs locally
  2. tls client certificate handshake log forensic analyzer: drop tls client auth handshake log · parse client cert subject + verify result · runs locally
  3. acme certificate issuance audit forensic analyzer: drop acme server audit export · parse account + order + authorization · runs locally
  4. lets encrypt certbot log forensic analyzer: drop certbot/lego log export · parse domain + challenge type + renewal · runs locally
  5. windows certutil cert store export forensic analyzer: drop certutil -store export · parse thumbprint + template + private key hint · runs locally
  6. macos keychain certificate trust forensic analyzer: drop macos keychain cert export · parse trust settings + access control · runs locally
  7. evidence manifest generator: drop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally

want deeper PKI coverage?

this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.
