reviewer kit
start here if you are counsel, an opposing expert, or dfir leadership evaluating fatcousin forensics. jump to the technical brief for a single inventory, or follow the reading path below for deep dives. not collection-stage chain-of-custody software — hash-anchored analysis-phase session custody log infrastructure designed to support examiner testimony and your review, with upstream acquisition, independent verification, and qualified legal advice still required.
technical brief
single-page inventory for external reviewers — custody infrastructure, catalog scope, verification summary, and honest boundaries. the web page is canonical; the pdf is a versioned printable export.
version 1.0.0 · last reviewed 2026-05-30 · site build 9d46f0e
download pdf · /press/fatcousin-reviewer-brief-v1.0.0.pdf →
document SHA-256: fffbc772962bacbd75582d600d5c5992507ef1a4441fa3a3462326a722825501
citation: FatCousin Forensics reviewer brief v1.0.0 (2026-05-30), https://fatcousin.com/forensics/reviewer-kit#brief, document SHA-256: fffbc772962bacbd75582d600d5c5992507ef1a4441fa3a3462326a722825501
catalog scope
- 5,194 tools site-wide across 17 categories
- 4,004 forensic tools in the public catalog
- 52 case-type playbooks · 55 reference proof investigations
- forensic grade distribution — A: 3,454 · B: 550 · C: 0 · D: 0
- production build sha (when deployed): 9d46f0e
what it is / what it is not
fatcousin forensics is a local-first browser toolbox for analysis-phase digital incident response. investigators load vendor exports and artifacts on a machine they control; processing runs in JavaScript and Web Workers; structured output and custody events stay on the device unless the investigator chooses to export them.
this is not collection-stage chain-of-custody software, not a SIEM, not an EDR, and not a managed IR service. it ships hash-anchored analysis-phase session custody log infrastructure — sha-256 on inputs and outputs, append-only custody events, .fc-case export with manifest.sha256 sidecar, optional ed25519 signing, and client-side interop exports — designed to support examiner testimony and counsel review. upstream acquisition, independent verification, and qualified legal advice remain required.
analysis-phase custody infrastructure
- case sessions in localStorage — tool slug, version, build sha, timestamps, input filenames, sha-256 of inputs, optional sha-256 of outputs, structured findings, notes
- append-only custody log — corrections are new events, not edits to prior rows (not a per-event hash chain)
- .fc-case zip — manifest.json, custody log, manifest.sha256 sidecar, optional signature.json, optional timestamp.json (rfc 3161 opt-in), optional embedded bytes
- optional ed25519 signing — device-local key via Web Crypto; covers custody log payload and manifest bytes independently
- offline verification — npm run forensics:verify-fc-case and browser import at /forensics/sessions
- interop exports from sessions — universal csv, magnet axiom csv, stix 2.1 bundle, misp event json, autopsy 4.x ingest module
- investigation package — .fc-case plus exhibit html, reproducibility report, and examiner declaration draft (four separate downloads)
local-first architecture
no server route ingests user evidence. open DevTools → Network before running a tool: you should see static assets only, not POST requests carrying file bytes. proof and methodology pages include a VERIFY panel that flags outbound requests outside an allowlist after load.
- browser-only processing — no accounts, no evidence upload endpoint
- heavy parsers (ffmpeg, onnx, wasm) load from static origin or /public/workers/ and still execute locally
- tool pages stamp build sha and manifest version when available — correlate a captured run with the deployed site
catalog quality and grading
every available forensic tool carries an auto-grade from the public rubric at /forensics/rubric. ship bar: B minimum for new forensic tools, A target. grades are regenerated in CI from forensics-audit.csv.
- A — production-ready: fixtures, honest boundaries, stackable where eligible, export paths
- B — shippable: core engine works; may lack full fixture depth or stack wiring
- C / D — not shipped to the public catalog
validation and replay
- 370/370 flagship golden replay — engineering gate (not exposed as public source checkout)
- synthetic proof investigations at /forensics/proof — evidence packs, per-engine goldens, replayable binders
- replay in browser — download evidence from a proof page and compare output digests to the published receipt
- validation methodology at /forensics/validation-methodology — determinism, discrepancy reproduction, build identity
how to verify (summary)
- browser: drag .fc-case onto /forensics/sessions — review manifest.sha256 match, signature status, warnings
- offline: email labs@fatcousin.com for qualified-reviewer verification tooling (not shipped on the public site)
- network: DevTools → Network while running a tool — confirm no evidence upload
- replay: open /forensics/proof/bec-sterling (or any flagship) and compare digests to the published receipt
full step-by-step: /forensics/verify
where to read more (web)
the whitepaper, scope, standards, and rubric pages carry the long-form detail this brief summarizes. use the links on the web version of this page; the pdf lists paths only.
claims we do not make
- court compliant, admissible, or certified for litigation
- chain-of-custody software (unqualified — collection stage is upstream)
- guaranteed for litigation or regulatory filing
- expert conclusions or legal findings — outputs are aids to human judgment
canonical URL: /forensics/reviewer-kit#brief
deep-dive reading list
read in this order before asking FatCousin Labs Inc. for a walkthrough.
- /forensics/reviewer-kit (this page)
- /forensics/scope#record-h
- /forensics/verify
- /forensics/standards#analysis-phase-h
- /forensics/proof/bec-sterling (or any flagship proof scenario)
- /forensics/whitepaper (skim architecture sections only)
verification commands
browser import and proof replay run on the public site. qualified reviewers can email labs@fatcousin.com for offline .fc-case verification tooling on request.
# primary: import .fc-case at /forensics/sessions (browser) # offline tooling: email labs@fatcousin.com (qualified reviewers on request) # proof replay: open /forensics/proof/<slug> and compare digests to the published receipt
architecture
local-first browser forensics · case session model with append-only custody events · sha-256 on inputs/outputs · .fc-case export — no upload, no server-side processing of user evidence.
limitations
same boundaries as /forensics/scope — do not expect fatcousin to be any of the following:
- not collection-stage chain-of-custody software. no write-block imaging, no live-device acquisition, no sealed-bag custody at collection. use ftk imager, cellebrite, axiom, or your lab's validated acquisition workflow upstream — then bring exports here for analysis.
- not a siem. no centralized log store, no correlation at enterprise scale, no 90-day retention pipeline. you bring the exports.
- not an edr. no agent on endpoints, no live telemetry, no remote isolation. we parse what you already extracted.
- not a replacement for cellebrite, axiom, encase, magnet, or velociraptor. those are vendor-of-record platforms with validated workflows. we are a browser toolbox for first-pass triage.
- not a managed incident response service. no retainer, no on-call analyst, no negotiation desk. hand outputs to someone who does that for a living.
- not attribution or legal advice. we surface artifacts and patterns. we do not name operators, predict court outcomes, or tell you whether to pay a ransom.
- not a cloud evidence processor. files never leave your device. if a tool needs network access for something other than loading the page, that is a bug — report it.
admissibility still depends on examiner process, upstream acquisition, and counsel — no tool vendor can guarantee a court outcome. we do not claim court compliant, admissible, or certified for litigation.
independent review
Independent legal review — pending. canada evidence act orientation and jurisdiction-specific claims will be updated after qualified counsel review; treat standards mapping as engineering alignment, not legal advice.
contact
questions about this kit, export verification, or practitioner replay: labs@fatcousin.com