// industry vertical

healthcare / DICOM / EHR audit

DICOM metadata, HL7 audit trails, EHR access logs, HIPAA breach notification scoping. PHI sensitivity demands strict chain-of-custody.

tools: 12
priority: M
processing: local · in browser

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this vertical.

  1. dicom medical imaging metadata forensic analyzer · drop dicom files · parse metadata tags · extract patient and equipment data · detect anonymization failures · runs locally
  2. microsoft access database forensic analyzer · drop mdb or accdb files · parse jet database structure · extract tables · recover deleted records · vba macro scan · runs locally
  3. data access pattern anomaly detector · drop file access logs or security evtx with object access events · compute per-user access baselines · detect bulk access · off-hours access · cross-department access · unusual file type access · statistical outlier sessions · runs locally
  4. user behavior baseline profiler · drop months of logon evtx csvs or auth log exports · build a statistical baseline per user · active hours · session duration · machine affinity · flag any session that deviates significantly from that user's normal pattern · runs locally
  5. log file authenticity and integrity scorer · drop any log file · verify internal consistency · line endings · timestamp ordering · detect log injection · fabrication indicators · authenticity score · runs locally
  6. redaction quality verifier · drop pdf or image · text left under redaction boxes · incomplete black boxes · canvas pixel scan · runs locally
  7. chain of custody gap detector · paste custody log csv · time gaps over threshold · missing signatures · export findings csv · runs locally
  8. case report generator · fill in case number · examiner · dates · findings · drop evidence files for automatic hashing · generates a structured forensic report pdf · runs locally
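the entry-point tool above parses dicom tags and flags anonymization failures. the example below is added here to show the mechanics; it is not the tool's own code and makes two simplifying assumptions: the file's meta group and dataset are both explicit VR little endian (transfer syntax 1.2.840.10008.1.2.1), and the PHI tag list is a small hand-picked subset of the direct identifiers rather than the full de-identification profile. the sample files are constructed in the block itself, with a vendor private block holding a leftover patient name, which is where "anonymized" exports most often still leak.

```python
import struct
from typing import Dict, Iterator, List, Tuple

Tag = Tuple[int, int]

# VRs that use the long header (2 reserved bytes + uint32 length) in explicit VR little endian
LONG_VRS = {b"OB", b"OW", b"OF", b"SQ", b"UT", b"UN"}
UNDEFINED_LENGTH = 0xFFFFFFFF
PATIENT_IDENTITY_REMOVED: Tag = (0x0012, 0x0062)

# direct identifiers a de-identified study must leave empty
# (assumption: a small subset chosen for this example, not the full PS3.15 profile)
PHI_TAGS: Dict[Tag, str] = {
    (0x0008, 0x0090): "ReferringPhysicianName",
    (0x0010, 0x0010): "PatientName",
    (0x0010, 0x0020): "PatientID",
    (0x0010, 0x0030): "PatientBirthDate",
}


def fmt_tag(tag: Tag) -> str:
    return f"({tag[0]:04X},{tag[1]:04X})"


def iter_elements(data: bytes) -> Iterator[Tuple[Tag, bytes, bytes]]:
    """Walk a Part 10 file whose meta group and dataset are both explicit VR little endian."""
    if data[128:132] != b"DICM":
        raise ValueError("no DICM magic after the 128-byte preamble")
    pos = 132
    while pos + 8 <= len(data):
        group, elem, vr = struct.unpack_from("<HH2s", data, pos)
        pos += 6
        if vr in LONG_VRS:
            length = struct.unpack_from("<I", data, pos + 2)[0]  # skip 2 reserved bytes
            pos += 6
        else:
            length = struct.unpack_from("<H", data, pos)[0]
            pos += 2
        if length == UNDEFINED_LENGTH:
            # undefined-length sequences need item/delimiter parsing; stop cleanly rather than misread
            break
        value = data[pos:pos + length]
        if len(value) != length:
            raise ValueError(f"truncated element {fmt_tag((group, elem))}")
        pos += length
        yield (group, elem), vr, value


def check_anonymization(data: bytes) -> List[str]:
    """Return findings; an empty list means the file looks properly de-identified."""
    elements = {tag: (vr, value) for tag, vr, value in iter_elements(data)}
    findings: List[str] = []
    flag = elements.get(PATIENT_IDENTITY_REMOVED, (b"CS", b""))[1].strip(b" \x00").upper()
    for tag, name in PHI_TAGS.items():
        if tag in elements:
            text = elements[tag][1].strip(b" \x00")
            if text:
                findings.append(f"{name} {fmt_tag(tag)} still populated: {text.decode('latin-1')!r}")
    for (group, elem), (vr, value) in elements.items():
        # odd group number = private element; elem <= 0x00FF is the private creator label, not data
        if group & 1 and group >= 0x0009 and elem > 0x00FF and value.strip(b" \x00"):
            findings.append(f"private element {fmt_tag((group, elem))} VR {vr.decode()} holds "
                            f"{len(value)} bytes; vendor tags often carry names or MRNs")
    if flag != b"YES":
        findings.insert(0, "PatientIdentityRemoved (0012,0062) is not YES")
    elif findings:
        findings.insert(0, "PatientIdentityRemoved=YES but identifying data remains")
    return findings


def element(group: int, elem: int, vr: bytes, value: bytes) -> bytes:
    """Encode one explicit VR little endian element, padding odd-length values per the VR."""
    if len(value) % 2:
        value += b"\x00" if vr in (b"UI", b"OB") else b" "
    if vr in LONG_VRS:
        return struct.pack("<HH2sxxI", group, elem, vr, len(value)) + value
    return struct.pack("<HH2sH", group, elem, vr, len(value)) + value


def build_dicom(name: bytes, mrn: bytes, dob: bytes, identity_removed: bytes, private: bytes = b"") -> bytes:
    """Constructed Part 10 file (not a real study): preamble, DICM, meta group, tiny dataset."""
    meta = (element(0x0002, 0x0001, b"OB", b"\x00\x01")
            + element(0x0002, 0x0010, b"UI", b"1.2.840.10008.1.2.1"))  # explicit VR LE
    meta = element(0x0002, 0x0000, b"UL", struct.pack("<I", len(meta))) + meta
    dataset = (element(0x0008, 0x0060, b"CS", b"CT")
               + private                                    # group 0009 sorts before 0010
               + element(0x0010, 0x0010, b"PN", name)
               + element(0x0010, 0x0020, b"LO", mrn)
               + element(0x0010, 0x0030, b"DA", dob)
               + element(0x0012, 0x0062, b"CS", identity_removed))
    return b"\x00" * 128 + b"DICM" + meta + dataset


# constructed inputs: a vendor private block that still carries the patient name
VENDOR_BLOCK = element(0x0009, 0x0010, b"LO", b"ACME_PRIVATE") + element(0x0009, 0x1001, b"LO", b"DOE^JANE")
LEAKY = build_dicom(b"DOE^JANE", b"MRN-0042", b"19700101", b"YES", private=VENDOR_BLOCK)
CLEAN = build_dicom(b"", b"", b"", b"YES")

if __name__ == "__main__":
    for label, blob in (("leaky", LEAKY), ("clean", CLEAN)):
        print(label, check_anonymization(blob) or "no findings")
```

the private-group scan is the part worth keeping in mind: tools that blank the standard patient tags and set (0012,0062) to YES frequently leave modality vendor blocks untouched, so a file can claim de-identification while still carrying the name. real exports also use implicit VR little endian and undefined-length sequences, which this walker deliberately stops on rather than guessing.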

also useful · secondary tools

cross-cutting tools that surface depending on the specific investigation.

  1. windows event log gap analyzer · drop multiple evtx · merged timeline · logging gaps · log clearing events · ransomware preparation chains · service persistence hints · runs locally
  2. log ingestion gap and silent host detector · drop siem export or event log collector export · identify machines that stopped sending logs · calculate expected vs actual log volume per host · detect hosts that went dark · flag suspicious silences · runs locally
  3. office365 audit log analyzer · drop m365 unified audit log json or csv · flag inbox forwarding rules · mailbox forwarding · bulk downloads · global admin role additions · high-scope consent grants · audit logging disabled · runs locally
  4. evidence manifest generator · drop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally
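primary tools 3 and 4 both rest on the same idea: build each user's own baseline from a training window, then score later activity against it for bulk, off-hours and cross-department access. the example below is added to show that logic end to end on a constructed EHR access export; it is not the tools' code. the csv layout (timestamp, user, patient_id, department, action), the split of training versus scoring rows by a cutoff date, and the thresholds (z = 3 on daily record counts with a floor of 20, the user's own observed hour window for off-hours) are all assumptions chosen for the example.

```python
import csv
import io
import statistics
from collections import defaultdict
from datetime import datetime
from typing import Dict, List


def constructed_log() -> str:
    """Constructed EHR access export (not real data): one chart view per row."""
    lines = ["timestamp,user,patient_id,department,action"]
    # training week for nurse_a: ten ONC chart views a day between 08:00 and 16:59
    for day in range(1, 6):
        for i in range(10):
            lines.append(f"2024-03-{day:02d} {8 + i % 9:02d}:{i * 5:02d}:00,nurse_a,P{day:02d}{i:02d},ONC,view")
    # scoring day: the same account pulls 40 PSY charts between 02:00 and 02:39
    for i in range(40):
        lines.append(f"2024-03-08 02:{i:02d}:00,nurse_a,P90{i:02d},PSY,view")
    # an account with no history at all
    lines.append("2024-03-08 10:15:00,contractor_z,P9999,ONC,view")
    return "\n".join(lines) + "\n"


LOG = constructed_log()


def parse_log(text: str) -> List[dict]:
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        r["ts"] = datetime.strptime(r["timestamp"], "%Y-%m-%d %H:%M:%S")
        rows.append(r)
    return rows


def build_baseline(rows: List[dict]) -> Dict[str, dict]:
    """Per-user profile: observed hour window, daily record count mean/stdev, departments touched."""
    per_user = defaultdict(lambda: {"hours": [], "daily": defaultdict(int), "depts": set()})
    for r in rows:
        u = per_user[r["user"]]
        u["hours"].append(r["ts"].hour)
        u["daily"][r["ts"].date()] += 1
        u["depts"].add(r["department"])
    baseline = {}
    for user, u in per_user.items():
        counts = list(u["daily"].values())
        baseline[user] = {
            "hour_min": min(u["hours"]),
            "hour_max": max(u["hours"]),
            "daily_mean": statistics.mean(counts),
            "daily_stdev": statistics.pstdev(counts),
            "depts": u["depts"],
        }
    return baseline


def detect_anomalies(rows: List[dict], baseline: Dict[str, dict], z: float = 3.0, min_bulk: int = 20) -> List[str]:
    findings: List[str] = []
    daily = defaultdict(int)       # (user, date) -> records touched
    off_hours = defaultdict(int)   # (user, date) -> records outside the user's own window
    cross = defaultdict(set)       # (user, date) -> departments absent from the baseline
    unknown = set()
    for r in rows:
        b = baseline.get(r["user"])
        if b is None:
            unknown.add(r["user"])
            continue
        key = (r["user"], r["ts"].date())
        daily[key] += 1
        if not b["hour_min"] <= r["ts"].hour <= b["hour_max"]:
            off_hours[key] += 1
        if r["department"] not in b["depts"]:
            cross[key].add(r["department"])
    for (user, day), n in sorted(daily.items()):
        b = baseline[user]
        # statistical threshold with a floor, so a perfectly flat baseline does not fire on one extra record
        threshold = max(min_bulk, b["daily_mean"] + z * b["daily_stdev"])
        if n > threshold:
            findings.append(f"{user} {day}: bulk access, {n} records vs baseline mean {b['daily_mean']:.1f}")
        if off_hours[(user, day)]:
            findings.append(f"{user} {day}: {off_hours[(user, day)]} records outside usual "
                            f"{b['hour_min']:02d}:00-{b['hour_max']:02d}:59 window")
        if cross[(user, day)]:
            findings.append(f"{user} {day}: cross-department access to {sorted(cross[(user, day)])}")
    for user in sorted(unknown):
        findings.append(f"{user}: no baseline in the training window; review manually")
    return findings


def analyze(log_text: str, cutoff: str) -> List[str]:
    """Rows before the cutoff date train the baseline; rows from the cutoff onward are scored."""
    rows = parse_log(log_text)
    cut = datetime.strptime(cutoff, "%Y-%m-%d").date()
    train = [r for r in rows if r["ts"].date() < cut]
    score = [r for r in rows if r["ts"].date() >= cut]
    return detect_anomalies(score, build_baseline(train))


if __name__ == "__main__":
    for finding in analyze(LOG, "2024-03-08"):
        print(finding)
```

two points a practitioner should carry over to the real tools: off-hours is judged against each user's own observed window, not a site-wide office day, so night-shift staff do not light up by default; and the cutoff matters, because if the suspicious day is allowed into the training window (try a cutoff of 2024-03-09 on the constructed log) the 02:00 PSY pulls become part of "normal" and nothing is flagged.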
// pattern-matched

tools that the manifest-classifier flagged as plausibly useful here but that aren't in the hand-curated lists above. less editorial weight — scan, don't work top-down.

want deeper healthcare coverage?

this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.
