README.md aktualisiert
This commit is contained in:
82
README.md
82
README.md
@@ -4,7 +4,6 @@ Cryptographically Secured Forensic Logging Utility
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## ABSTRACT
|
## ABSTRACT
|
||||||
|
|
||||||
@@ -12,7 +11,6 @@ Cryptographically Secured Forensic Logging Utility
|
|||||||
|
|
||||||
Designed for operation in forensic-grade, air-gapped environments, the system ensures that every note, observation is timestamped, hashed, and optionally signed via GPG upon creation. This architecture provides a verifiable, court-admissible audit trail, ensuring that the investigative timeline remains immutable and tamper-proof.
|
Designed for operation in forensic-grade, air-gapped environments, the system ensures that every note, observation is timestamped, hashed, and optionally signed via GPG upon creation. This architecture provides a verifiable, court-admissible audit trail, ensuring that the investigative timeline remains immutable and tamper-proof.
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## GUI Draft
|
## GUI Draft
|
||||||
|
|
||||||
@@ -21,89 +19,27 @@ Designed for operation in forensic-grade, air-gapped environments, the system en
|
|||||||
***Work in progress:***
|
***Work in progress:***
|
||||||
*This is a mockup how the GUI would look, drafted with Claude.*
|
*This is a mockup how the GUI would look, drafted with Claude.*
|
||||||
|
|
||||||
## SYSTEM ARCHITECTURE & DESIGN PHILOSOPHY
|
## DESIGN
|
||||||
|
|
||||||
The design of Factum-Notes prioritizes integrity, low-latency input, and deployment flexibility.
|
The design of Factum-Notes prioritizes integrity and fast input.
|
||||||
|
|
||||||
### Core Integrity Mechanisms
|
### Integrity Functions
|
||||||
|
|
||||||
* **Immutable Logging:** All entries are subjected to immediate SHA-256 hashing.
|
* **Hashing:** All entries along with their timestamp are immediately SHA-256 hashed.
|
||||||
* **Cryptographic Non-Repudiation:** Entries are signed using the analyst's local GPG private key.
|
* **Cryptographic Signing:** The hashes are signed using the analyst's provided GPG/PGP key.
|
||||||
* **Temporal Verification:** Precise timestamping accompanies all signatures to establish a chronological sequence of events.
|
|
||||||
|
|
||||||
### User Interface Paradigm
|
### User Interface
|
||||||
|
|
||||||
The system implements a hybrid interface model:
|
The program has multiple ways to interact with it:
|
||||||
|
|
||||||
* **CLI (Command Line Interface):** Optimized for swift data entry and rapid logging during active forensic acquisition, while never switching from the terminal.
|
* **Command Line:** Quick data entry and rapid logging during working in the terminal, while never switching from the terminal.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
factum "This note is immediately saved into the currently active case. When the IP address 123.45.67.89 is contained in the note, it will also show up in the IoC Panel. We can also assign #tags for any note which enables efficient retreival"
|
factum "This note is immediately saved into the currently active case. When the IP address 123.45.67.89 is contained in the note, it will also show up in the IoC Panel. We can also assign #tags for any note which enables efficient retreival"
|
||||||
```
|
```
|
||||||
|
|
||||||
* **GUI (Graphical User Interface):** A lightweight PySide6 interface for complex case management, artifact linking, and review.
|
* **Graphical Interface:** PySide6 interface for case management, review and anything else which might be implemented.
|
||||||
|
|
||||||
### Deployment Specifications
|
|
||||||
|
|
||||||
* **Single-Binary Distribution:** Compiled to a standalone executable to eliminate dependency conflicts.
|
|
||||||
* **Air-Gap Optimization:** Designed to function with zero network dependencies post-installation.
|
|
||||||
* **Cross-Platform Compliance:** Fully validated for operation on Linux and Windows NT-family kernels.
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## FUNCTIONAL SPECIFICATIONS
|
|
||||||
|
|
||||||
### Case & Evidence Management
|
|
||||||
|
|
||||||
* **Hierarchical Structure:** Supports multiple unique cases, each containing distinct evidence containers.
|
|
||||||
* **Metadata Association:** optional storage of cryptographic hashes (MD5, SHA1, SHA256) for all associated evidence objects.
|
|
||||||
* **Tagging:** Implements a user-defined tagging system for cross-referencing findings across the dataset.
|
|
||||||
|
|
||||||
### Automated Parsing
|
|
||||||
|
|
||||||
* **IoC Extraction:** Integrated regex-based parsing to identify and catalog Indicators of Compromise (IP addresses, hashes, domains, crypto-currency entities) from textual notes.
|
|
||||||
* **Filtering Logic:** Boolean search capabilities across tags and extracted IoCs.
|
|
||||||
|
|
||||||
### Export Capabilities
|
|
||||||
|
|
||||||
* **Scoped Reporting:** Generation of reports limited to specific cases or evidence sets.
|
|
||||||
* **Format Support:** Output availability in raw text and Markdown formats for integration into final forensic reports.
|
|
||||||
|
|
||||||
### Key Management
|
|
||||||
|
|
||||||
* **System Integration:** Direct interfacing with the host operating systems GPG keychain (Gpg4win/GnuPG/Kleopatra).
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## TECHNICAL IMPLEMENTATION
|
|
||||||
|
|
||||||
The application is constructed upon a modern, verified stack to ensure maintainability and performance.
|
|
||||||
|
|
||||||
* **Runtime Environment:** Python 3.13
|
|
||||||
* **Graphical Framework:** Qt 6 (via PySide6)
|
|
||||||
* **Package Management:** `uv` (Ultra-fast Python package installer)
|
|
||||||
* **Data Persistence:** SQLite (Local, serverless relational database engine)
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## FUTURE DEVELOPMENT ROADMAP
|
|
||||||
|
|
||||||
The following modules are proposed for medium-term integration:
|
|
||||||
|
|
||||||
### Heuristic Analysis Engine (LLM Integration)
|
|
||||||
|
|
||||||
* **Goal Definition:** Analyst-defined investigative objectives per case.
|
|
||||||
* **Automated Summarization:** Synthesis of complex note chains into executive summaries.
|
|
||||||
* **Procedural Guidance:** Algorithmic suggestions for next steps based on current findings and defined goals.
|
|
||||||
|
|
||||||
### Extended Functionality
|
|
||||||
|
|
||||||
* **Search Indexing:** Full-text search across the encrypted database.
|
|
||||||
* **IoC Enrichment:** External API lookup for extracted indicators (optional network connectivity required).
|
|
||||||
* **Remote Collaboration:** Synchronization capabilities via remote database backends for multi-analyst teams.
|
|
||||||
* **Cross-Evidence-Referencing:** Allows references and back-references throughout evidence notes.
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
## COPYRIGHT & LICENSE
|
## COPYRIGHT & LICENSE
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user