EESP Application Overview:

Implementation & Architecture

The Hague – March 25-26

CETIC

Evidence Exchange Standard Package (EESP) Application

Integrate forensic analysis documents

Case management document

Investigation action description

Outputs of forensic analysis tools

Descriptions of forensic procedures and actions

Chain of custody information

Uses the CASE Standard (https://github.com/ucoProject/CASE/)

Data Model

Representation Language (JSON-LD format)

Creates Evidence Packages

CASE files with evidence file attachments

For exchange through the Reference Implementation and e-Codex

E2E EESP Application

www.evidence2e-codex.eu

2

Ontology based Repository Service

WS Resource API

RDF Application

Web application frontend Service

Desktop Application

Packaging API

Web API (REST)

Task Queue (RabbitMQ)

Packaging & Encryption module (Celery Worker)

Package hosting service

Notification Service (in-App, via Task Queue)

Authentication

Access control (not integrated)

E2E EESP Application Architecture

www.evidence2e-codex.eu

3

Architecture – EESP Packaging API

www.evidence2ecodex.eu

4

The Ontology Repository Services (ORS)

https://github.com/cetic/ORS

Formal data model based on an OWL-RDF Ontology

Reasoning Semantic Queries

ORS Protégé Plugin

Data Model generation from UCO/CASE Ontology

Rest API generation

Resources Serialization/Representation Format:

JSON-LD

RESTful web services API

EESP Architecture –

CASE Ontology Repository Service

www.evidence2ecodex.eu

5

EESP Architecture

Ontology Repository

www.evidence2ecodex.eu

6

Ontology Editor UCO/CASE

ORS

www.evidence2ecodex.eu

7

REST API – For accessing EESP

Implementation – Packaging Service

Export of JSON-LD case document

Using ORS Rest API

Export graphs of a root element type and one or

more Ids

Rest API adds a packaging order in the Message Queue

Rabbit MQ

Notification when archive is ready

EVIDENCE2e-Codex

8

Implementation – Packaging Service

Packaging service

Celery Worker

Archive method: ZIP

Includes attached evidence files

Encryption methods

Symmetric key (today’s demo)

PKI

GPG (AES256, RSA, 3DES)

Temporary storage service

File download web service (up to 2GB with limit to

be increased to 30Gb)

EVIDENCE2e-Codex

9

EESP Packaging Workflow

www.evidence2ecodex.eu

10

Web application that uses the ORS REST API

Https://evidence2e-codex.cetic.be/

Display and management of CASE documents (Ontology Graphs)

Hierarchical view based on ontology tree

Schema is generated from the ontology using the protégé plugin

Investigative Actions - Action Lifecycle view

Investigative Actions - Timeline view

Identities according to Roles tab

Evidence Traces & Tools

Accordion view

Tree view base on query graph (under implementation)

Import and Export (packaging) of Evidence Packages

Help Pages

Architecture & Technologies

Separation between API Communication, content (what is displayed), style (how it looks like).

node.js, angular (js framework), material (css framework)

Implementation – EESP Frontend

www.evidence2ecodex.eu

11

Thanks for your attention

Questions?

EVIDENCE2e-Codex project Technical Workshops | The Hague November 20-21