Privacy-first · No upload · No login · Local analysis only

Privacy-first DFIR tools that run entirely in your browser

Analyze text, timestamps, files and email headers locally in your browser. No upload. No login. Instant results.

Open IOC Extractor Explore all tools

Available Tools

Each tool runs 100% in your browser — your data never leaves your device.

IOC Extractor

Regex-based extraction

Paste logs, reports or raw text and automatically extract IPs, domains, URLs, hashes, CVEs and more.

Analyze a SIEM alert dump or a threat report in seconds.

Open Tool

Timestamp Converter

Multi-format

Convert between Unix epoch, Windows FILETIME, WebKit/Chrome timestamps, ISO 8601 and EXIF formats.

Decode a FILETIME value from a registry artifact.

Open Tool

Hash Calculator

Web Crypto API

Compute MD5, SHA-1, SHA-256, SHA-384 and SHA-512 hashes for text or files. Compare against known values.

Verify file integrity or check a hash against a known IOC.

Open Tool

Email Header Analyzer

Phishing triage

Parse raw email headers and inspect SPF, DKIM, DMARC results, received hops and suspicious indicators.

Triage a phishing email in seconds.

Open Tool

Why local analysis matters

Uploading sensitive security data to third-party servers exposes you to unnecessary risk. Logs, hashes and email headers can contain confidential infrastructure details, PII or proprietary information.

DFIR Toolkit processes everything in your browser using standard Web APIs. The results are yours alone.

Who is it for?

SOC Analysts

Quickly triage alerts, extract IOCs and decode timestamps during incident response.

Incident Responders

Analyze email headers, validate file hashes and convert forensic timestamps on the fly.

Security Researchers

A fast workbench for parsing threat data without sending anything to external services.