// industry vertical

email security gateway forensics

Proofpoint TAP · Mimecast tracking · Barracuda ESS · Microsoft Defender for Office 365 message trace · Cisco ESA · Forcepoint ESG · secure link rewrite chains · phishing kit landing pages · BEC impersonation threads · quarantine release audits.

tools
12
priority
H
processing
local · in browser

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this vertical.

  1. proofpoint tap alert export forensic analyzer · drop proofpoint tap alert export · parse threat id + sender + url rewrite · runs locally
  2. microsoft defender office365 message trace forensic analyzer · drop m365 message trace export · parse delivery status + threat detections · runs locally
  3. bec impersonation thread forensic analyzer · drop gateway + mailbox exports · detect display-name spoof + reply-to drift · runs locally
  4. email url rewrite chain forensic analyzer · drop secure link rewrite export · parse original vs wrapped url chains · runs locally
  5. case report generator · fill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally

also useful · secondary tools

cross-cutting tools that surface depending on the specific investigation.

  1. mimecast message tracking log forensic analyzer · drop mimecast tracking export · parse delivery route + held/rejected + impersonation · runs locally
  2. barracuda email security log forensic analyzer · drop barracuda ess log export · parse spam/virus/phish scores + actions · runs locally
  3. cisco email security appliance log forensic analyzer · drop cisco esa mail log export · parse dlp + outbreak + quarantine events · runs locally
  4. forcepoint email security gateway log forensic analyzer · drop forcepoint esg log export · parse policy hits + sandbox verdict · runs locally
  5. phishing kit landing page artifact forensic extractor · drop captured phish kit html/js export · parse form targets + exfil endpoints · runs locally
  6. email security gateway quarantine release forensic analyzer · drop quarantine release audit export · parse reviewer + release reason timeline · runs locally
  7. evidence manifest generator · drop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally

want deeper email gateway coverage?

this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.

ready