README.md updated

2025-12-14 16:32:51 +00:00
parent 5807e6dd45
commit eb12fe9de0


@@ -1,3 +1,93 @@
# factum-notes # FACTUM-NOTES
**Cryptographically Secured Forensic Logging Utility**
Forensic note-taking application which utilizes PGP signatures on timestamped notes to ensure maximum integrity. ---
## ABSTRACT
**Factum-Notes** is a specialized software utility designed for the rigorous documentation of digital forensic investigations. It addresses the critical requirement for data integrity within the chain of custody by offering immediate cryptographic signing of all analyst entries, while this is optional and configurable by the analyst.
Designed for operation in forensic-grade, air-gapped environments, the system ensures that every note, observation, and artifact is timestamped, hashed, and optionally signed via GPG (GNU Privacy Guard) upon creation. This architecture provides a verifiable, court-admissible audit trail, ensuring that the investigative timeline remains immutable and tamper-evident.
---
## SYSTEM ARCHITECTURE & DESIGN PHILOSOPHY
The design of Factum-Notes prioritizes integrity, low-latency input, and deployment flexibility.
### Core Integrity Mechanisms
* **Immutable Logging:** All entries are subjected to immediate SHA-256 hashing.
* **Cryptographic Non-Repudiation:** Entries are signed using the analyst's local GPG private key.
* **Temporal Verification:** Precise timestamping accompanies all signatures to establish a chronological sequence of events.
### User Interface Paradigm
The system implements a hybrid interface model:
* **CLI (Command Line Interface):** Optimized for high-velocity data entry and rapid logging during active forensic acquisition.
* **GUI (Graphical User Interface):** A lightweight PySide6 interface for complex case management, artifact linking, and review.
### Deployment Specifications
* **Single-Binary Distribution:** Compiled to a standalone executable to eliminate dependency conflicts.
* **Air-Gap Optimization:** Designed to function with zero network dependencies post-installation.
* **Cross-Platform Compliance:** Fully validated for operation on Linux and Windows NT-family kernels.
---
## FUNCTIONAL SPECIFICATIONS
### Case & Evidence Management
* **Hierarchical Structure:** Supports multiple unique cases, each containing distinct evidence containers.
* **Metadata Association:** optional storage of cryptographic hashes (MD5, SHA1, SHA256) for all associated evidence objects.
* **Tagging Taxonomy:** Implements a user-defined tagging system for cross-referencing findings across the dataset.
### Automated Parsing
* **IoC Extraction:** Integrated regex-based parsing to identify and catalog Indicators of Compromise (IP addresses, hashes, domains, crypto-currency entities) from textual notes.
* **Filtering Logic:** Boolean search capabilities across tags and extracted IoCs.
### Export Capabilities
* **Scoped Reporting:** Generation of reports limited to specific cases or evidence sets.
* **Format Support:** Output availability in raw text and Markdown formats for integration into final forensic reports.
### Key Management
* **System Integration:** Direct interfacing with the host operating systems GPG keychain (Gpg4win/GnuPG/Kleopatra).
---
## TECHNICAL IMPLEMENTATION
The application is constructed upon a modern, verified stack to ensure maintainability and performance.
* **Runtime Environment:** Python 3.13
* **Graphical Framework:** Qt 6 (via PySide6)
* **Package Management:** `uv` (Ultra-fast Python package installer)
* **Data Persistence:** SQLite (Local, serverless relational database engine)
---
## FUTURE DEVELOPMENT ROADMAP
The following modules are proposed for medium-term integration:
### Heuristic Analysis Engine (LLM Integration)
* **Goal Definition:** Analyst-defined investigative objectives per case.
* **Automated Summarization:** Synthesis of complex note chains into executive summaries.
* **Procedural Guidance:** Algorithmic suggestions for next steps based on current findings and defined goals.
### Extended Functionality
* **Search Indexing:** Full-text search across the encrypted database.
* **IoC Enrichment:** External API lookup for extracted indicators (optional network connectivity required).
* **Remote Collaboration:** Synchronization capabilities via remote database backends for multi-analyst teams.
* **Cross-Evidence-Referencing:** Allows references and back-references throughout evidence notes.
---
## COPYRIGHT & LICENSE
**Copyright © 2025**
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
**THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.**
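Review bot: the "Core Integrity Mechanisms" bullets promise more than the design described in this README can deliver, and they contradict the ABSTRACT. "Immutable Logging: All entries are subjected to immediate SHA-256 hashing." does not make a local SQLite file immutable or tamper-evident: whoever can edit the row can recompute its hash, so the hash only detects accidental corruption unless each entry's hash also covers the previous entry's hash (a hash chain) or the entry is signed. "Cryptographic Non-Repudiation: Entries are signed using the analyst's local GPG private key." reads as unconditional, but the ABSTRACT says signing "is optional and configurable by the analyst" and entries are "optionally signed"; state the same thing in both places ("optionally signed"), and say what integrity an unsigned entry has. "Temporal Verification" rests on the clock of an air-gapped host, so the timestamp is self-asserted by the same key that signs it; say so, or describe how the sequence is fixed (chaining, or a trusted time source). On that basis "court-admissible audit trail" is a legal conclusion the README should not assert; "tamper-evident when signing is enabled" is what the text supports. Two smaller points: the roadmap item "Full-text search across the encrypted database" is the only mention of encryption, while TECHNICAL IMPLEMENTATION describes plain local SQLite, so either document the encryption or drop the word; and under Key Management "host operating systems GPG keychain" should read "host operating system's GPG keyring", with Kleopatra named as the front-end rather than the keyring.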