eesp application overview: implementation & architecture · 2019-04-01 · representation...
TRANSCRIPT
EESP Application Overview:
Implementation & Architecture
The Hague – March 25-26
CETIC
E2E EESP Application
Evidence Exchange Standard Package (EESP) Application
Integrates forensic analysis documents:
  Case management document
  Investigation action description
  Outputs of forensic analysis tools
  Descriptions of forensic procedures and actions
  Chain of custody information
Uses the CASE Standard (https://github.com/ucoProject/CASE/):
  Data model
  Representation language (JSON-LD format)
Creates Evidence Packages:
  CASE files with evidence file attachments
  For exchange through the Reference Implementation and e-Codex
www.evidence2e-codex.eu
2
E2E EESP Application Architecture
Ontology-based Repository Service
WS Resource API
RDF application
Web application frontend service
Desktop application
Packaging API
Web API (REST)
Task queue (RabbitMQ)
Packaging & encryption module (Celery worker)
Package hosting service
Notification service (in-app, via task queue)
Authentication
Access control (not integrated)
Architecture – EESP Packaging API
EESP Architecture – CASE Ontology Repository Service
The Ontology Repository Services (ORS)
https://github.com/cetic/ORS
Formal data model based on an OWL/RDF ontology
Reasoning and semantic queries
ORS Protégé plugin
  Data model generation from the UCO/CASE ontology
  REST API generation
Resource serialization/representation format: JSON-LD
RESTful web services API
EESP Architecture – Ontology Repository
Ontology Editor UCO/CASE
ORS
Implementation – Packaging Service
REST API – for accessing EESP
  Export of the JSON-LD case document using the ORS REST API
  Export graphs of a root element type and one or more IDs
  The REST API adds a packaging order to the message queue (RabbitMQ)
  Notification when the archive is ready
Implementation – Packaging Service
Packaging service (Celery worker)
  Archive method: ZIP
  Includes attached evidence files
  Encryption methods:
    Symmetric key (today's demo)
    PKI
    GPG (AES256, RSA, 3DES)
Temporary storage service
File download web service (up to 2 GB, with the limit to be increased to 30 GB)
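The packaging workflow described on the two "Implementation – Packaging Service" slides (export from ORS, packaging order on the task queue, Celery worker building the ZIP with attached evidence files, temporary storage, notification when the archive is ready) and the CASE JSON-LD evidence package of the "E2E EESP Application" slide, as an added Python example. This is not the project's code: the CASE/UCO-style document, the evidence files, the `export_graph` stand-in for the ORS REST export, and the in-process queues standing in for RabbitMQ and Celery are all constructed assumptions, and the SHA-256 manifest used for the receiver-side integrity check is an addition of this example. The encryption of the archive (symmetric key or GPG in the deck) would be applied to the package bytes before storage and is not shown.

```python
import hashlib
import io
import json
import queue
import uuid
import zipfile

# Constructed sample modelled on CASE/UCO naming (not real ORS output): one
# investigative action, the file trace it produced and a chain-of-custody
# provenance record that references the trace. The "kb:" namespace is a
# placeholder knowledge base, as in the CASE examples.
CASE_DOCUMENT = {
    "@context": {
        "kb": "http://example.org/kb/",
        "case-investigation": "https://ontology.caseontology.org/case/investigation/",
        "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/",
        "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/",
    },
    "@graph": [
        {"@id": "kb:action-1", "@type": "case-investigation:InvestigativeAction",
         "uco-core:name": "Disk image acquisition",
         "uco-core:result": {"@id": "kb:trace-1"}},
        {"@id": "kb:trace-1", "@type": "uco-observable:File",
         "uco-observable:fileName": "disk_image.dd"},
        {"@id": "kb:custody-1", "@type": "case-investigation:ProvenanceRecord",
         "uco-core:object": [{"@id": "kb:trace-1"}]},
    ],
}

# Constructed evidence attachments, keyed by the file name used in the graph.
EVIDENCE_FILES = {"disk_image.dd": b"\x00" * 64, "tool_report.txt": b"acquisition ok\n"}

ORDERS = queue.Queue()         # stands in for the RabbitMQ task queue
NOTIFICATIONS = queue.Queue()  # stands in for the in-app notification channel
STORAGE = {}                   # stands in for temporary package hosting


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def export_graph(doc: dict, root_type: str, ids: list) -> dict:
    """Stand-in for the ORS export by root element type and IDs: keeps the
    requested root nodes plus every node they reference by @id."""
    nodes = {n["@id"]: n for n in doc["@graph"]}
    wanted = set()
    for node_id in ids:
        node = nodes[node_id]
        if node["@type"] != root_type:
            raise ValueError(f"{node_id} is not of type {root_type}")
        wanted.add(node_id)
        for value in node.values():
            refs = value if isinstance(value, list) else [value]
            wanted.update(r["@id"] for r in refs if isinstance(r, dict) and "@id" in r)
    return {"@context": doc["@context"],
            "@graph": [n for n in doc["@graph"] if n["@id"] in wanted]}


def build_package(case_doc: dict, files: dict) -> bytes:
    """ZIP evidence package: case.jsonld, attachments under evidence/, and a
    manifest of SHA-256 digests so the receiver can check integrity."""
    buf = io.BytesIO()
    manifest = {}
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        case_bytes = json.dumps(case_doc, indent=2, sort_keys=True).encode("utf-8")
        zf.writestr("case.jsonld", case_bytes)
        manifest["case.jsonld"] = sha256(case_bytes)
        for name, data in sorted(files.items()):
            member = f"evidence/{name}"
            zf.writestr(member, data)
            manifest[member] = sha256(data)
        zf.writestr("manifest.json", json.dumps(manifest, indent=2, sort_keys=True))
    return buf.getvalue()


def verify_package(package: bytes) -> dict:
    """Receiver-side check: recompute every digest listed in manifest.json;
    a missing member counts as a failure rather than raising."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        manifest = json.loads(zf.read("manifest.json"))
        names = set(zf.namelist())
        return {m: (m in names and sha256(zf.read(m)) == h) for m, h in manifest.items()}


def submit_packaging_order(root_type: str, ids: list) -> str:
    """What the REST API does: validate the request, enqueue it, return an order id."""
    if not ids:
        raise ValueError("at least one root element id is required")
    order_id = str(uuid.uuid4())
    ORDERS.put({"order_id": order_id, "root_type": root_type, "ids": list(ids)})
    return order_id


def worker_run_once(doc: dict = CASE_DOCUMENT, files: dict = EVIDENCE_FILES) -> dict:
    """One worker iteration: take an order, export, package, store, notify.
    Only attachments referenced by the exported graph are included."""
    order = ORDERS.get_nowait()
    exported = export_graph(doc, order["root_type"], order["ids"])
    referenced = {n.get("uco-observable:fileName") for n in exported["@graph"]}
    package = build_package(exported, {k: v for k, v in files.items() if k in referenced})
    STORAGE[order["order_id"]] = package  # encryption would happen before this step
    note = {"order_id": order["order_id"], "status": "ready",
            "size": len(package), "sha256": sha256(package)}
    NOTIFICATIONS.put(note)
    return note


if __name__ == "__main__":
    oid = submit_packaging_order("case-investigation:InvestigativeAction", ["kb:action-1"])
    print(worker_run_once())
    print(verify_package(STORAGE[oid]))
```

The manifest is what makes the download step checkable: a receiver that pulls the archive from the hosting service can confirm every attachment matches the digest recorded at packaging time, independently of the transport.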
EESP Packaging Workflow
Implementation – EESP Frontend
Web application that uses the ORS REST API
https://evidence2e-codex.cetic.be/
Display and management of CASE documents (ontology graphs)
  Hierarchical view based on the ontology tree
  Schema is generated from the ontology using the Protégé plugin
  Investigative Actions – Action Lifecycle view
  Investigative Actions – Timeline view
  Identities according to Roles tab
  Evidence Traces & Tools
    Accordion view
    Tree view based on the query graph (under implementation)
Import and export (packaging) of Evidence Packages
Help pages
Architecture & technologies
  Separation between API communication, content (what is displayed) and style (how it looks)
  Node.js, Angular (JS framework), Material (CSS framework)
Thanks for your attention
Questions?
EVIDENCE2e-Codex project Technical Workshops | The Hague November 20-21