// industry vertical
legal / eDiscovery / litigation hold
review-set hashing, privilege-log support, custodian-mailbox prep, BCC fanout, deduplication, Bates-stamping. integrates with the broader /tools doc workflow.
start here · primary tools
ordered. work top-down. the first tool is the suggested entry point for this vertical.
- email thread reconstructor · drop multiple .eml files · Message-ID References In-Reply-To tree · missing parent flags · flat timeline · CSV export · runs locally
- email thread reconstructor · drop multiple eml files or mbox · reconstruct conversation threads using message-id in-reply-to and references headers · visualize reply chains · surface missing messages in threads and identify thread hijacking · runs locally
- eml deep analyzer · drop an eml file · full mime parsing · routing headers · spf dkim dmarc · attachment extraction · ioc extraction · spoofing detection · runs locally
- mbox analyzer · drop an mbox file · parse all messages · timeline · sender network · search · attachment inventory · runs locally
- pst / ost reader · drop an Outlook .pst or .ost file · detect magic bytes · extract readable strings · heuristic message structure detection · export addresses and subjects · runs locally
- tracked changes forensic reconstructor · drop docx file · extract all tracked insertions deletions and format changes · reconstruct the full editing history by author · surface deleted content and identify who removed what · runs locally
- office document revision history extractor · drop docx xlsx pptx or odt file · extract full revision and version history metadata · reconstruct authorship timeline · surface who created modified and saved the document and when · runs locally
- redaction quality verifier · drop pdf or image · text under redact · incomplete black boxes · canvas pixel scan · runs locally
also useful · secondary tools
cross-cutting tools that surface depending on the specific investigation.
- document metadata genealogy tracer · drop related documents · trace ancestor versions through metadata · revision counts · author chains · template references · printer fingerprints · reconstruct document family history · runs locally
- document metadata inconsistency finder · drop docx xlsx pptx pdf · core app props vs pdf info · temporal author revision heuristics · tracked changes timeline · runs locally
- spoliation evidence detector · drop mft or evtx csv · mass delete bursts · timeline gaps · anti-forensics flags · export csv · runs locally
- chain of custody gap detector · paste custody log csv · time gaps over threshold · missing signatures · export findings csv · runs locally
- hash set comparer · drop or paste two hash lists · find matches · unique to each set · NSRL known-good filtering · malware hash matching · export diff CSV · runs locally
- case report generator · fill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally
- evidence manifest generator · drop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally
want deeper eDiscovery coverage?
this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.