insider threat / data exfiltration
departing employee, IP theft, USB exfil, cloud-share leak. evidence patterns: access-anomaly + peer-comparison + after-hours activity.
a guided path, not automation — each step opens a tool you run yourself; nothing uploads. progress is saved only in this browser.
wraps the insider threat — behavior kit preset — drop access logs + workstation exports → insider score → anomaly detect → peer compare → baseline → authorship → LNK timeline → report
guided steps
- evidence manifest generator
  hash every export before scoring — HR/legal cases require reproducible inputs
- insider threat behavioral indicator scorer
  composite insider-risk score from access + activity signals
- data access pattern anomaly detector
  flag outlier access patterns vs the user's historical baseline
- peer group statistical outlier analyzer
  compare the subject's activity to peers in the same role
- user behavior baseline profiler
  build a behavioral baseline from the provided log exports
- natural language writing sample authorship comparator
  compare writing style across messages if authorship is disputed
- lnk file batch timeline correlator
  reconstruct file-access timeline from LNK / shortcut artifacts
- case report generator
  draft an HR/legal-ready report on access anomalies + exfil indicators
suggested options · title: insider threat — behavior assessment
when you're done
export a run summary — a small JSON record of which steps you marked done, your notes, and a self-hash so the record can't be silently altered. it is your reproducibility note, not a per-tool receipt: each tool emits its own input→output receipt when you run it.
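
how a self-hashed run summary can be sealed and re-checked, as an added example that is not the tool's own code. the field names (`self_hash`, `steps`, `notes`), the SHA-256 choice and the canonical-JSON serialization are assumptions, and the sample record is constructed.

```python
import hashlib
import json

HASH_FIELD = "self_hash"  # assumed field name, not taken from the tool

# Constructed sample record; the real export's layout may differ.
SAMPLE = {
    "playbook": "insider threat / data exfiltration",
    "steps": [
        {"tool": "evidence manifest generator", "done": True},
        {"tool": "insider threat behavioral indicator scorer", "done": True},
        {"tool": "case report generator", "done": False},
    ],
    "notes": "constructed sample: exports hashed before scoring",
}


def canonical_bytes(record: dict) -> bytes:
    """Serialize everything except the hash field in a stable byte form.

    Sorted keys and fixed separators make the digest independent of key
    order and whitespace, so only a change in content changes the hash.
    """
    body = {k: v for k, v in record.items() if k != HASH_FIELD}
    text = json.dumps(body, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False)
    return text.encode("utf-8")


def seal(record: dict) -> dict:
    """Return a copy of the record with its self-hash attached."""
    sealed = {k: v for k, v in record.items() if k != HASH_FIELD}
    sealed[HASH_FIELD] = hashlib.sha256(canonical_bytes(sealed)).hexdigest()
    return sealed


def verify(record: dict) -> bool:
    """Recompute the digest and compare it with the stored one."""
    stored = record.get(HASH_FIELD)
    if not isinstance(stored, str):
        return False  # a missing or malformed hash never verifies
    return stored == hashlib.sha256(canonical_bytes(record)).hexdigest()


if __name__ == "__main__":
    summary = seal(SAMPLE)
    print(json.dumps(summary, indent=2))
    print("verifies:", verify(summary))
```

an unkeyed digest can be recomputed by anyone who edits the file, so the check is only as strong as the separate copy of the hash you keep, for example in the case report.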