This commit is contained in:
overcuriousity 2025-07-16 09:10:39 +02:00
parent f7c9670529
commit 1573557164

361
README.md

@ -1,297 +1,140 @@
# cc24-hub # CC24-Hub
Der neue Hub für CC24. Ein Framework für diverse Forensik-Tools und Übersicht über die verfügbaren Anwendungen auf der Plattform. Ein kuratiertes Verzeichnis für digitale Forensik- und Incident-Response-Tools, entwickelt für die Seminargruppe CC24-w1.
DISCLAIMER: Vibe-Coding von Anthropic Claude 4 Sonnet.
## Features ## 🎯 Projektübersicht
- **Performance**: Sub-2 second load times, sub-500ms filtering CC24-Hub ist eine statische Website, die eine strukturierte Übersicht über bewährte DFIR-Tools bietet. Das Projekt orientiert sich am NIST-Framework (SP 800-86) und kategorisiert Tools nach forensischen Domänen und Untersuchungsphasen.
- **YAML-Driven Content**: Easy tool management through simple file edits
- **Dark/Light Themes**: Automatic system detection with manual override
- **Service Monitoring**: Real-time status via Uptime Kuma integration
- **Mobile Responsive**: Works on all device sizes
- **Zero Dependencies**: No external CDNs or cloud services
## Quick Start ### Hauptfunktionen
### Prerequisites - **Tool-Katalog**: Umfassende Sammlung von Open-Source und kommerziellen Forensik-Tools
- **Matrix-Ansicht**: Visualisierung der Tools nach Domänen und Prozess-Phasen
- **Erweiterte Filterung**: Suche nach Name, Beschreibung, Tags, Domäne und Phase
- **Self-Hosted Integration**: Direkte Links zu gehosteten Tool-Instanzen
- **Status-Monitoring**: Live-Überwachung der verfügbaren Services
- **Responsive Design**: Optimiert für Desktop und Mobile
- **Dark/Light Mode**: Automatische Theme-Erkennung mit manueller Überschreibung
- Node.js 16+ ## 🛠️ Technischer Stack
- npm or yarn
### Installation - **Framework**: [Astro](https://astro.build/) (Static Site Generator)
- **Styling**: Vanilla CSS mit CSS Custom Properties
- **Datenformat**: YAML für Tool-Definitionen
- **Deployment**: Statische HTML-Generierung
- **Node.js**: >=18.0.0
## 🚀 Installation & Deployment
### Lokale Entwicklung
1. **Clone the repository**
```bash ```bash
git clone https://git.cc24.dev/mstoeck3/cc24-hub # Repository klonen
git clone https://git.cc24.dev/mstoeck3/cc24-hub.git
cd cc24-hub cd cc24-hub
```
2. **Install dependencies** # Dependencies installieren
```bash
npm install npm install
# Development Server starten
npm run dev
``` ```
3. **Start development server** Die Seite ist dann unter `http://localhost:4321` verfügbar.
### Produktions-Deployment
```bash ```bash
npm start # Build erstellen
npm install && npm run build
``` ```
4. **Build for production** Die statische Seite wird im `dist/` Verzeichnis generiert und kann in die Webroot des Webservers kopiert werden.
```bash
npm run build
```
The site will be available at `http://localhost:8080` and files will be generated in `_site/`. ### Verfügbare Scripts
## Project Structure - `npm run dev` - Development Server
- `npm run build` - Produktions-Build
- `npm run preview` - Vorschau des Builds
- `npm run deploy:static` - Statisches Deployment (Script)
## 📁 Projektstruktur
``` ```
dfir-tools-hub/ cc24-hub/
├── src/ ├── src/
│ ├── _data/ # YAML data files │ ├── components/ # Astro-Komponenten
│ │ ├── tools.yaml # Tools database │ │ ├── Navigation.astro
│ │ └── services.yaml # Service monitoring config │ │ ├── ToolCard.astro
│ ├── _includes/ # Shared template components │ │ ├── ToolFilters.astro
│ ├── _layouts/ # Page layout templates │ │ └── ToolMatrix.astro
│ │ └── base.njk # Base layout │ ├── data/
│ ├── js/ # Client-side JavaScript │ │ └── tools.yaml # Tool-Definitionen
│ │ ├── search.js # Search and filtering │ ├── layouts/
│ │ ├── theme.js # Theme management │ │ └── BaseLayout.astro
│ │ ├── modal.js # Tool detail modal │ ├── pages/ # Seiten-Routing
│ │ └── status.js # Status page logic │ │ ├── index.astro
│ ├── scss/ # Sass stylesheets │ │ ├── about.astro
│ │ └── main.scss # Main stylesheet │ │ ├── status.astro
│ ├── about/ │ │ └── impressum.astro
│ │ └── index.njk # About page │ ├── scripts/
│ ├── privacy/ │ │ └── theme.js # Theme-Management
│ │ └── index.njk # Privacy page │ └── styles/
│ ├── status/ │ └── global.css # Globale Styles
│ │ └── index.njk # Status page ├── public/ # Statische Assets
│ └── index.njk # Home page └── astro.config.mjs # Astro-Konfiguration
├── .eleventy.js # Eleventy configuration
├── package.json # Dependencies and scripts
└── README.md # This file
``` ```
## Content Management ## 🔧 Tool-Datenformat
### Adding Tools Tools werden in `src/data/tools.yaml` definiert:
Edit `src/_data/tools.yaml` to add or modify tools:
```yaml ```yaml
tools: tools:
- id: new-tool # Unique identifier - name: "Tool Name"
name: "Tool Name" # Display name description: "Beschreibung des Tools"
description: "Brief description of the tool" domains: ["incident-response", "malware-analysis"]
domains: # Forensic domains phases: ["data-collection", "analysis"]
- "Filesystem Forensics" platforms: ["Linux", "Windows"]
- "Network Forensics" skillLevel: "intermediate"
phases: # DFIR phases accessType: "download"
- "Datensammlung" url: "https://example.com"
- "Analyse" projectUrl: "https://hosted.example.com" # Optional für gehostete Tools
platforms: # Supported platforms license: "Apache 2.0"
- "Linux" tags: ["tag1", "tag2"]
- "Windows" statusUrl: "https://status.example.com/badge" # Optional
- "macOS"
skillLevel: "Intermediate" # Beginner|Intermediate|Advanced
accessType: "CLI" # CLI|GUI|Web|SaaS
url: "https://example.com" # Project homepage
tags: # Search tags
- "tag1"
- "tag2"
type: "FOSS" # FOSS|SaaS
``` ```
### Configuring Services ### Verfügbare Kategorien
Edit `src/_data/services.yaml` for service monitoring: **Domänen:**
- `incident-response` - Incident Response & Breach-Untersuchung
- `law-enforcement` - Strafverfolgung & Kriminalermittlung
- `malware-analysis` - Malware-Analyse & Reverse Engineering
- `fraud-investigation` - Betrugs- & Finanzkriminalität
- `network-forensics` - Netzwerk-Forensik & Traffic-Analyse
- `mobile-forensics` - Mobile Geräte & App-Forensik
- `cloud-forensics` - Cloud & Virtuelle Umgebungen
- `ics-forensics` - Industrielle Kontrollsysteme (ICS/SCADA)
```yaml **Phasen:**
# Uptime Kuma Configuration - `data-collection` - Datensammlung
uptimeKuma: - `examination` - Auswertung
enabled: true # Enable/disable integration - `analysis` - Analyse
apiUrl: "https://status.lab.local/api" - `reporting` - Bericht & Präsentation
apiKey: "your-api-key" # Optional API key - `collaboration` - Übergreifend & Kollaboration
refreshInterval: 30000 # Refresh every 30 seconds
# Static service definitions ## 🤝 Beitragen
services:
- id: service-id
name: "Service Name"
description: "Service description"
url: "https://service.lab.local"
category: "Analyse Tools"
status: "operational" # operational|degraded|maintenance|down
uptime: "99.9%"
responseTime: "245ms"
```
## DFIR Methodology ### Tool hinzufügen
Tools are organized according to the standard DFIR framework: 1. Fork des Repositories erstellen
2. Neuen Tool-Eintrag in `src/data/tools.yaml` hinzufügen
3. Pull Request mit Beschreibung der Änderungen erstellen
### Domains ### Korrekturen & Verbesserungen
- **Filesystem Forensics**: File system Analyse and recovery
- **Network Forensics**: Network traffic and protocol Analyse
- **Memory Forensics**: RAM and memory artifact Analyse
- **Live Forensics**: Real-time system Analyse
- **Malware Analyse**: Malicious software Auswertung
- **Cryptocurrency**: Blockchain and crypto investigations
### Phases - Bug Reports und Feature Requests über Issues melden
- **Datensammlung**: Evidence acquisition and preservation - Code-Beiträge über Pull Requests willkommen
- **Auswertung**: Data extraction and parsing - Dokumentation und Übersetzungen erwünscht
- **Analyse**: Evidence correlation and interpretation
- **Bericht & Präsentation**: Documentation and timeline creation
## Service Status Integration
### Uptime Kuma Setup
1. **Install Uptime Kuma** on your network
2. **Configure monitors** for your DFIR services
3. **Enable API access** in Uptime Kuma settings
4. **Update configuration** in `src/_data/services.yaml`:
```yaml
uptimeKuma:
enabled: true
apiUrl: "https://your-uptime-kuma.local/api"
apiKey: "your-api-key"
```
## Development
### Available Scripts
- `npm start` - Start development server with live reload
- `npm run build` - Build production site
- `npm run debug` - Build with debug information
- `npm run clean` - Clean build directory
### Customization
#### Themes
- Modify color variables in `src/scss/main.scss`
- Supports CSS custom properties for dynamic theming
- Automatic dark mode detection with manual override
#### Search and Filtering
- Client-side search for instant results
- Multi-criteria filtering (domain + phase + search term)
- Matrix view for comprehensive tool overview
#### Performance Optimization
- Static site generation for fast loading
- Minimal JavaScript footprint
- Local asset bundling (no CDNs)
- Optimized CSS with utility classes
## Deployment
### Static Hosting
Build and deploy to any static host:
```bash
npm run build
# Upload _site/ contents to your web server
```
### Docker
Create a `Dockerfile`:
```dockerfile
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
FROM nginx:alpine
COPY --from=builder /app/_site /usr/share/nginx/html
EXPOSE 80
```
### Self-Hosted Services
For lab environments, consider deploying alongside:
- **Timesketch**: Timeline Analyse platform
- **MISP**: Threat intelligence sharing
- **Neo4j**: Graph database for relationships
## Browser Support
Features gracefully degrade in older browsers.
## Contributing
### Tool Submissions
1. Fork the repository
2. Add tool information to `src/_data/tools.yaml`
3. Test locally with `npm start`
4. Submit a pull request
### Issue Bericht & Präsentation
Report bugs or suggest features via GitHub Issues.
### Development Guidelines
- Maintain sub-500ms search performance
- Test across major browsers
- Follow existing code style
- Update documentation for changes
## License
BSD-3-Clause License - see LICENSE file for details.
## Acknowledgments
- NIST SP 800-86 for DFIR methodology framework
- Eleventy static site generator
- Uptime Kuma for service monitoring
- Open source DFIR community
## Troubleshooting
### Common Issues
**Build fails with Sass errors**
```bash
npm install --save-dev sass@latest
```
**Search not working**
- Check browser console for JavaScript errors
- Ensure `window.toolsData` is populated
- Verify YAML syntax in tools.yaml
**Uptime Kuma integration failing**
- Check network connectivity to API endpoint
- Verify API key permissions
- Review browser network tab for CORS issues
**Performance issues**
- Ensure tools.yaml isn't excessively large (>1000 tools)
- Check for JavaScript errors blocking execution
- Verify efficient CSS selectors
### Getting Help
1. Check the troubleshooting section above
2. Review GitHub Issues for similar problems
3. Open a new issue with:
- Browser and version
- Error messages
- Steps to reproduce
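Review bot: The new "Produktions-Deployment" block builds with `npm install && npm run build`, while the Dockerfile removed in this same hunk used `npm ci`. If a lockfile is committed, the production instructions should keep `npm ci` so the deployed site is built from exactly the pinned dependency versions rather than whatever `npm install` resolves at build time. Two documentation gaps in the same rewrite: the "License" section (BSD-3-Clause) is dropped with no replacement even though the new "Beitragen" section invites pull requests, and the `tools.yaml` example no longer lists the allowed values for `skillLevel` and `accessType` (the old text gave `Beginner|Intermediate|Advanced` and `CLI|GUI|Web|SaaS`), so contributors cannot tell whether `"intermediate"` and `"download"` come from a fixed set. `npm run deploy:static` is also listed only as "(Script)"; a sentence on what it copies and where would help anyone running it against a web root.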