mstoeck3/forensic-pathways
2
0
Fork 0
Code Issues 3 Pull Requests Projects Releases Activity
forensic-pathways/README.md
user01 65f7685b01 nitial:wq
2025-07-13 00:29:39 +02:00

7.7 KiB
Raw Blame History

cc24-hub

Der neue Hub für CC24. Ein Framework für diverse Forensik-Tools und Übersicht über die verfügbaren Anwendungen auf der Plattform. DISCLAIMER: Vibe-Coding von Anthropic Claude 4 Sonnet.

Features

  • Performance: Sub-2 second load times, sub-500ms filtering
  • YAML-Driven Content: Easy tool management through simple file edits
  • Dark/Light Themes: Automatic system detection with manual override
  • Service Monitoring: Real-time status via Uptime Kuma integration
  • Mobile Responsive: Works on all device sizes
  • Zero Dependencies: No external CDNs or cloud services

Quick Start

Prerequisites

  • Node.js 16+
  • npm or yarn

Installation

  1. Clone the repository

    git clone https://git.cc24.dev/mstoeck3/cc24-hub
cd cc24-hub

  2. Install dependencies

    npm install

  3. Start development server

    npm start

  4. Build for production

    npm run build

The site will be available at http://localhost:8080 and files will be generated in _site/.

Project Structure

dfir-tools-hub/
├── src/
│   ├── _data/                 # YAML data files
│   │   ├── tools.yaml         # Tools database
│   │   └── services.yaml      # Service monitoring config
│   ├── _includes/             # Shared template components
│   ├── _layouts/              # Page layout templates
│   │   └── base.njk           # Base layout
│   ├── js/                    # Client-side JavaScript
│   │   ├── search.js          # Search and filtering
│   │   ├── theme.js           # Theme management
│   │   ├── modal.js           # Tool detail modal
│   │   └── status.js          # Status page logic
│   ├── scss/                  # Sass stylesheets
│   │   └── main.scss          # Main stylesheet
│   ├── about/
│   │   └── index.njk          # About page
│   ├── privacy/
│   │   └── index.njk          # Privacy page
│   ├── status/
│   │   └── index.njk          # Status page
│   └── index.njk              # Home page
├── .eleventy.js               # Eleventy configuration
├── package.json               # Dependencies and scripts
└── README.md                  # This file

Content Management

Adding Tools

Edit src/_data/tools.yaml to add or modify tools:

tools:
  - id: new-tool                    # Unique identifier
    name: "Tool Name"               # Display name
    description: "Brief description of the tool"
    domains:                        # Forensic domains
      - "Filesystem Forensics"
      - "Network Forensics"
    phases:                         # DFIR phases
      - "Data Collection"
      - "Analysis"
    platforms:                      # Supported platforms
      - "Linux"
      - "Windows"
      - "macOS"
    skillLevel: "Intermediate"      # Beginner|Intermediate|Advanced
    accessType: "CLI"               # CLI|GUI|Web|SaaS
    url: "https://example.com"      # Project homepage
    tags:                           # Search tags
      - "tag1"
      - "tag2"
    type: "FOSS"                    # FOSS|SaaS

Configuring Services

Edit src/_data/services.yaml for service monitoring:

# Uptime Kuma Configuration
uptimeKuma:
  enabled: true                     # Enable/disable integration
  apiUrl: "https://status.lab.local/api"
  apiKey: "your-api-key"           # Optional API key
  refreshInterval: 30000           # Refresh every 30 seconds

# Static service definitions
services:
  - id: service-id
    name: "Service Name"
    description: "Service description"
    url: "https://service.lab.local"
    category: "Analysis Tools"
    status: "operational"           # operational|degraded|maintenance|down
    uptime: "99.9%"
    responseTime: "245ms"

DFIR Methodology

Tools are organized according to the standard DFIR framework:

Domains

  • Filesystem Forensics: File system analysis and recovery
  • Network Forensics: Network traffic and protocol analysis
  • Memory Forensics: RAM and memory artifact analysis
  • Live Forensics: Real-time system analysis
  • Malware Analysis: Malicious software examination
  • Cryptocurrency: Blockchain and crypto investigations

Phases

  • Data Collection: Evidence acquisition and preservation
  • Examination: Data extraction and parsing
  • Analysis: Evidence correlation and interpretation
  • Reporting: Documentation and timeline creation

Service Status Integration

Uptime Kuma Setup

  1. Install Uptime Kuma on your network

  2. Configure monitors for your DFIR services

  3. Enable API access in Uptime Kuma settings

  4. Update configuration in src/_data/services.yaml:

    uptimeKuma:
  enabled: true
  apiUrl: "https://your-uptime-kuma.local/api"
  apiKey: "your-api-key"

Development

Available Scripts

  • npm start - Start development server with live reload
  • npm run build - Build production site
  • npm run debug - Build with debug information
  • npm run clean - Clean build directory

Customization

Themes

  • Modify color variables in src/scss/main.scss
  • Supports CSS custom properties for dynamic theming
  • Automatic dark mode detection with manual override

Search and Filtering

  • Client-side search for instant results
  • Multi-criteria filtering (domain + phase + search term)
  • Matrix view for comprehensive tool overview

Performance Optimization

  • Static site generation for fast loading
  • Minimal JavaScript footprint
  • Local asset bundling (no CDNs)
  • Optimized CSS with utility classes

Deployment

Static Hosting

Build and deploy to any static host:

npm run build
# Upload _site/ contents to your web server

Docker

Create a Dockerfile:

FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM nginx:alpine
COPY --from=builder /app/_site /usr/share/nginx/html
EXPOSE 80

Self-Hosted Services

For lab environments, consider deploying alongside:

  • Timesketch: Timeline analysis platform
  • MISP: Threat intelligence sharing
  • Neo4j: Graph database for relationships

Browser Support

Features gracefully degrade in older browsers.

Contributing

Tool Submissions

  1. Fork the repository
  2. Add tool information to src/_data/tools.yaml
  3. Test locally with npm start
  4. Submit a pull request

Issue Reporting

Report bugs or suggest features via GitHub Issues.

Development Guidelines

  • Maintain sub-500ms search performance
  • Test across major browsers
  • Follow existing code style
  • Update documentation for changes

License

BSD-3-Clause License - see LICENSE file for details.

Acknowledgments

  • NIST SP 800-86 for DFIR methodology framework
  • Eleventy static site generator
  • Uptime Kuma for service monitoring
  • Open source DFIR community

Troubleshooting

Common Issues

Build fails with Sass errors

npm install --save-dev sass@latest

Search not working

  • Check browser console for JavaScript errors
  • Ensure window.toolsData is populated
  • Verify YAML syntax in tools.yaml

Uptime Kuma integration failing

  • Check network connectivity to API endpoint
  • Verify API key permissions
  • Review browser network tab for CORS issues

Performance issues

  • Ensure tools.yaml isn't excessively large (>1000 tools)
  • Check for JavaScript errors blocking execution
  • Verify efficient CSS selectors

Getting Help

  1. Check the troubleshooting section above
  2. Review GitHub Issues for similar problems
  3. Open a new issue with:
    • Browser and version
    • Error messages
    • Steps to reproduce