RP1 Automatic evidence processing and analysis in the cloud

TobiasS1402/casemanagement

casemanagement - Forensic case management

casemanagement is a Python Flask-powered application designed to streamline the management of forensic cases. It provides an intuitive interface for investigators to upload evidence and receive the analyzed results.

Features

  • Case Management: Easily create, update, and delete forensic cases.
  • Evidence Tracking: Upload and analyze forensic case data.
  • User Authentication: Secure user authentication and authorization system.
  • Automatic reporting: Automatically send analyzed data to Splunk backend.
  • Customizable: Adapt the application to fit your specific forensic investigation workflow.

Screenshots

to do

Environment Variables

To run the application, you need to set the following environment variables:

  • DEPLOYMENT: development creates a local SQLite database; production expects PROD_DB_STRING to be set
  • SECRET_KEY: varchar(100) secret value used as the cookie "salt" in Flask
  • SECURITY_PASSWORD_SALT: varchar(100) secret value used for password salting
  • SPLUNK_URL: URL (https://{ip}:{port}) of the Splunk API, port 8089
  • SPLUNK_TOKEN: JWT used as the bearer token for Splunk API access
  • PROD_DB_STRING: PostgreSQL connection string in the form postgresql://{username}:{password}@{hostname}:{port}/{database}?sslmode=require
  • ADMIN_PASSWORD: Admin user password
  • ADMIN_EMAIL: Admin user email address
  • HAYABUSA_WORKER_URL: Hayabusa worker URL ending in /upload [explained further down below]
  • HAYABUSA_ACCESS_TOKEN: Hayabusa access token shared with the workers [explained further down below]
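The variables above are only checked implicitly when the application first touches them, so a typo in PROD_DB_STRING or a plain-http SPLUNK_URL tends to surface as a runtime error after start-up. The following start-up validator is an added example and is not part of the casemanagement project; it uses the variable names documented above, and the rules it enforces (the varchar(100) limits, https for the Splunk API, sslmode=require on the PostgreSQL string, the /upload suffix on the worker URL) are taken from the descriptions in this list. SAMPLE_ENV is a constructed set of values for a stand-alone run.

```python
"""Fail-closed validation of the casemanagement environment variables (added example)."""
import os
import sys
from dataclasses import dataclass, field
from typing import List, Mapping
from urllib.parse import parse_qs, urlparse

# Names documented in the README; PROD_DB_STRING is only required in production.
REQUIRED_ALWAYS = (
    "DEPLOYMENT", "SECRET_KEY", "SECURITY_PASSWORD_SALT", "SPLUNK_URL",
    "SPLUNK_TOKEN", "ADMIN_PASSWORD", "ADMIN_EMAIL",
    "HAYABUSA_WORKER_URL", "HAYABUSA_ACCESS_TOKEN",
)

# Constructed sample values, not real credentials or hosts.
SAMPLE_ENV = {
    "DEPLOYMENT": "production",
    "SECRET_KEY": "k" * 48,
    "SECURITY_PASSWORD_SALT": "s" * 48,
    "SPLUNK_URL": "https://10.0.0.5:8089",
    "SPLUNK_TOKEN": "constructed-jwt",
    "PROD_DB_STRING": "postgresql://cm:pw@db.internal:5432/casemanagement?sslmode=require",
    "ADMIN_PASSWORD": "constructed-admin-password",
    "ADMIN_EMAIL": "admin@example.invalid",
    "HAYABUSA_WORKER_URL": "http://hayabusa-worker:8080/upload",
    "HAYABUSA_ACCESS_TOKEN": "constructed-shared-token",
}


@dataclass
class ConfigReport:
    errors: List[str] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.errors


def validate_config(env: Mapping[str, str]) -> ConfigReport:
    """Return errors that must block start-up and warnings worth logging."""
    report = ConfigReport()
    for name in REQUIRED_ALWAYS:
        if not env.get(name):
            report.errors.append(f"{name} is not set")

    deployment = env.get("DEPLOYMENT", "")
    if deployment not in ("development", "production"):
        report.errors.append("DEPLOYMENT must be 'development' or 'production'")

    # Both secrets are described as varchar(100): a longer value would be truncated.
    for name in ("SECRET_KEY", "SECURITY_PASSWORD_SALT"):
        value = env.get(name, "")
        if len(value) > 100:
            report.errors.append(f"{name} exceeds 100 characters")
        elif value and len(value) < 32:
            report.warnings.append(f"{name} is shorter than 32 characters")

    # Production needs a PostgreSQL DSN with TLS enforced through sslmode=require.
    if deployment == "production":
        dsn = env.get("PROD_DB_STRING", "")
        if not dsn:
            report.errors.append("PROD_DB_STRING is required when DEPLOYMENT=production")
        else:
            parsed = urlparse(dsn)
            if parsed.scheme != "postgresql":
                report.errors.append("PROD_DB_STRING must use the postgresql:// scheme")
            if parse_qs(parsed.query).get("sslmode", [""])[0] != "require":
                report.errors.append("PROD_DB_STRING must include sslmode=require")

    # Splunk API access is a bearer token, so refuse to send it over plain http.
    splunk_url = env.get("SPLUNK_URL", "")
    if splunk_url:
        splunk = urlparse(splunk_url)
        if splunk.scheme != "https":
            report.errors.append("SPLUNK_URL must use https")
        try:
            if splunk.port != 8089:
                report.warnings.append("SPLUNK_URL port is not the usual API port 8089")
        except ValueError:
            report.errors.append("SPLUNK_URL port is not numeric")

    worker = env.get("HAYABUSA_WORKER_URL", "")
    if worker and not worker.endswith("/upload"):
        report.errors.append("HAYABUSA_WORKER_URL must end with /upload")

    email = env.get("ADMIN_EMAIL", "")
    if email and "@" not in email:
        report.errors.append("ADMIN_EMAIL does not look like an email address")
    return report


if __name__ == "__main__":
    # Validate the real process environment and refuse to continue on any error.
    result = validate_config(os.environ)
    for line in result.warnings:
        print("warning:", line)
    for line in result.errors:
        print("error:", line)
    sys.exit(0 if result.ok else 1)
```

Run this at the top of the Flask entry point (or as a docker-compose healthcheck helper) so a mis-set container exits before it binds port 9000 rather than failing on the first database or Splunk call.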

Installation (ghcr.io)

  1. Pull the image:
docker pull ghcr.io/tobiass1402/casemanagement:main
  2. Set up docker-compose:
cp docker-compose-example.yml docker-compose.yml
  3. Edit the variables in docker-compose.yml
  4. Run:
docker compose up

Installation (build yourself)

  1. Clone the repository:
git clone https://github.com/tobiass1402/casemanagement
cd casemanagement
  2. Install dependencies:
pip install -r requirements.txt
  3. Set up docker-compose:
cp docker-compose-example.yml docker-compose.yml
  4. Edit the variables in docker-compose.yml
  5. Build and run:
docker compose up --build

The application should now be running and accessible at http://0.0.0.0:9000.

Hayabusa worker

To have your .evtx files analyzed automatically you need to set up the Hayabusa worker from https://github.com/TobiasS1402/hayabusa-docker. The worker is already included in docker-compose; just set HAYABUSA_ACCESS_TOKEN (casemanagement) and ACCESS_TOKEN (worker) to the same key.

Contributing

Contributions are welcome! If you have any suggestions, feature requests, or bug reports, please open an issue or submit a pull request.

To do list

  • separate Celery task files
  • separate files for functions and classes
  • create error view for tasks
  • create retry button for failed tasks
  • create database connection task storage
