election integrity investigation
voter-roll tampering, e-pollbook artifacts, ballot-image chain of custody, election-night messaging spoofing, foreign-influence pattern surfacing.
a guided path, not automation — each step opens a tool you run yourself; nothing uploads. progress is saved only in this browser.
wraps the election spoof / influence IOC sweep preset — drop suspect 'official' emails → header validate → pull IOCs → dedupe across sources → severity triage → report
guided steps
- evidence manifest generator
preserve raw .eml + screenshots so the chain holds up under election-contest scrutiny
- email header analyzer
validate SPF / DKIM / DMARC — most election spoof emails fail at least one
- ioc extractor
pull sender domains, look-alike URLs, IPs from the headers + bodies
suggested options · format: json · aggregate: true
- ioc deduplicator and normalizer
merge across the suspect message set — a single influence cluster usually shares 3-5 domains
suggested options · lowercase: true · dropPrivate: false
- ioc bulk validator & triage
score; high-severity IOCs are the ones to escalate to CISA / state election officials
- case report generator
draft a report formatted for state-level cybersecurity intake
suggested options · title: election spoof / influence IOC sweep
when you're done
export a run summary — a small JSON record of which steps you marked done, your notes, and a self-hash so the record can't be silently altered. it is your reproducibility note, not a per-tool receipt: each tool emits its own input→output receipt when you run it.