// industry vertical
utilities / SCADA / OT
ICS/OT incident response — historian data, HMI screenshots, PLC program-change audit, vendor-specific binary firmware analysis.
start here · primary tools
ordered. work top-down. the first tool is the suggested entry point for this vertical.
- firmware image analyzer: drop a firmware image · detect format · extract filesystem · find credentials · ssh keys · certificates · hardcoded strings · runs locally
- iot firmware forensic extractor: phase1 magic signature scan · phase2 streaming ascii strings urls credentials pem-ish · phase3 uimage + squash metadata surface · heuristic · no filesystem mount · csv+json export · runs locally
- pcap reader: drop a .pcap or .pcapng · parse packets · filter by protocol · extract HTTP · DNS · plaintext credentials · runs locally
- pcap / pcapng analyzer: drop a pcap or pcapng file · packet list · protocol breakdown · tcp stream reconstruction · dns queries · http requests · connection graph · runs locally
- protocol misuse detector: drop pcap or pcapng file · detect protocols being used outside their standard specification · identify c2 channels hidden in legitimate protocols · surface application data on wrong ports and protocol-level anomalies · runs locally
- network flow anomaly detector: drop pcap pcapng or zeek conn log · apply statistical anomaly detection to network flows · surface outliers in byte count duration connection rate and port usage · identify scanning exfiltration and tunneling anomalies · runs locally
- case report generator: fill in case number · examiner · dates · findings · drop evidence files for auto hash · generates structured forensic report PDF · runs locally
also useful · secondary tools
cross-cutting tools that surface depending on the specific investigation.
- incident timeline builder: drop multiple CSVs with timestamps from any forensic tool · merge into unified chronological timeline · entity tagging · filter by source · export full timeline · runs locally
- multi-artifact correlator: drop CSV exports from any forensic tool · correlate by filename · hash · IP · user across sources · surface cross-artifact matches · export report · runs locally
- evidence manifest generator: drop evidence files · compute md5 sha1 sha256 · chain of custody manifest · case number · analyst · export pdf and csv · runs locally
want deeper SCADA coverage?
this vertical is intentionally sparse — deep-moat coverage grows over time. tracked in the forensics rollout.