fatcousin
// first 10 minutes

livestream impersonation / creator takeover — quick-start

livestream impersonation — first 10 minutes. stop the broadcast, preserve chat. print this, check boxes, then run the primary tools.

checklist

  1. end the unauthorized broadcast — terminate stream, rotate stream key, revoke suspicious OAuth apps; document who clicked what before cleanup.
  2. screenshot studio dashboard (live status, stream health, active encoders) with UTC timestamp.
  3. hash and copy OBS/Streamlabs config folders from creator machine — before any fix-streaming wizard runs.
  4. export live chat from twitch and/or youtube for the impersonation window — do not wait for VOD processing.
  5. download VOD or enable archive immediately — partial segment preserves video and audio artifacts.
  6. pull google account activity and OAuth app list — studio takeover often trails mailbox or drive compromise.
  7. list third-party broadcast tools authorized in the last 30 days — restream, streamlabs cloud, bot OAuth.
  8. preserve tip/donation panel configs and pinned links — scam streams redirect wallets fast.
  9. notify platform trust & safety with stream id, start time, and hashes — parallel to local work.
  10. begin the primary tool path below — only after copies exist; re-encoding locally destroys cues.

primary tools

  1. 01obs streamlabs config forensic analyzerdrop obs / streamlabs profile + scenes config · surface stream-key references, source list, hotkeys
  2. 02twitch chat log forensic analyzerdrop twitch chat log export · parse user messages + moderation events
  3. 03youtube gaming stream chat forensic analyzerdrop youtube live chat replay json · parse messages, super-chats, mod actions
  4. 04video deepfake analyzerdrop a short video · sample frames · blink rate · face boundary flicker · temporal inconsistency score · runs locally
  5. 05ai synthetic voice generation artifact analyzeranalyze synthetic voice generation artifacts and identify possible AI-generated speech characteristics · spectrogram consistency, prosody, splice boundaries · runs locally
  6. 06google account activity export forensic deep analyzerdrop google takeout 'my activity' html/json · parse per-product activity timeline · flag credential recovery access events · csv/json export · runs locally
  7. 07casb oauth token abuse detectordrop casb oauth grant export · detect excessive scope grants · runs locally

go deeper

methodology →case type tools →
ready