fatcousin
// industry vertical

DRM / content protection forensics

Widevine · FairPlay · PlayReady · HDCP · browser EME sessions · Apple FPS · Android MediaDrm · Chromecast DRM — parse license chains + keybox artifacts + renewal anomalies locally.

tools
12
priority
H
processing
local · in browser

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this vertical.

  1. widevine license request forensic analyzerdrop widevine license request/response export · parse pssh + key ids + security level · runs locally
  2. playready license chain forensic analyzerdrop playready license xml/bin export · parse rights + restriction + renewal chain · runs locally
  3. eme browser media key session forensic analyzerdrop browser eme session export · parse key ids + session types + expiration · runs locally
  4. drm license renewal anomaly detectordrop drm license timeline export · detect burst renewals + geo/device mismatch · runs locally
  5. case report generatorfill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally

also useful · secondary tools

cross-cutting tools that surface depending on the specific investigation.

  1. widevine keybox artifact forensic extractordrop android keybox/xml export · parse device id + provisioning status · runs locally
  2. fairplay streaming key artifact forensic analyzerdrop fairplay streaming key export · parse content key context + skd · runs locally
  3. hdcp handshake log forensic analyzerdrop hdcp auth handshake log · parse sink/source caps + link failure codes · runs locally
  4. apple fps streaming artifact forensic extractordrop apple fps streaming cache export · parse skd + certificate chain hints · runs locally
  5. android mediadrm session forensic analyzerdrop android mediadrm session log · parse scheme + offline license + restore · runs locally
  6. chromecast widevine drm session forensic analyzerdrop cast receiver drm log export · parse stream type + hdcp level · runs locally
  7. evidence manifest generatordrop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally

want deeper DRM coverage?

this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.

ready