// industry vertical

retail / POS / loss prevention

POS terminal forensics, EMV trace analysis, refund-fraud pattern detection, RAM-scraper malware family ID.

tools: 9
priority: L
processing: local · in browser

start here · primary tools

ordered. work top-down. the first tool is the suggested entry point for this vertical.

  1. process memory string extractor · drop raw memory dump or strings text · streaming ascii utf-16le extraction · urls ips credentials c2 iocs · csv export · runs locally
  2. memory string timeline reconstructor · drop multiple timestamped string extractions or timeline csv · new removed persistent strings · ioc temporal tracking · runs locally
  3. credential artifact scanner · drop a memory dump · scan for plaintext credentials · NTLM hashes · OAuth tokens · API keys · session cookies · Base64 secrets · export CSV · runs locally
  4. pe analyzer · drop a Windows executable · parse PE headers · sections · imports · exports · entropy per section · detect packers · imphash · runs locally
  5. ransomware family identifier · drop encrypted file samples · ransom notes · iocs · fingerprint against 200+ families · output family name · known decryptors · nomoransom hints · extension patterns · c2 patterns · runs locally
  6. case report generator · fill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally

also useful · secondary tools

cross-cutting tools that surface depending on the specific investigation.

  1. string ioc correlator · paste string output or drop binary · match against 300+ known malware family signatures · C2 patterns · mutex names · registry keys · user-agents · export matches · runs locally
  2. yara scanner · write YARA-like rules · scan any file locally · string and byte pattern matching · condition logic · export match report · runs locally
  3. evidence manifest generator · drop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally

want deeper retail coverage?

this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.
