Monthly report n°38 - 2025-04

April 30, 2025 in activity reports by Esther Onfroy

Two security vulnerabilities identified in PiRogue have been fixed. The dashboard is now accessible over HTTPS only, and users are now asked to change their password upon their first login to PiRogue.

Project overview

PiRogue Tool Suite (PTS) provides a platform combining analysis tools, knowledge management, incident response management, and artifact management, which allows civil society organizations with limited resources to equip themselves at a low cost. The project consists of an open-source tool suite that provides a comprehensive mobile device forensics and digital investigation platform.


📢 Announcements

  • Make sure to upgrade your PiRogue to get the latest security patch!
  • The analysis report of APNA Tunnel Lite v27 is now public.
  • The next community meeting will happen on May 30 at 2pm CET.
  • Fill in the form to select the Android app for next month.
  • To ensure we’re meeting your needs and expectations, we kindly ask you to complete a brief feedback form.

🎉 Impacts and results

Two security vulnerabilities identified in PiRogue have been fixed. The dashboard is now accessible over HTTPS only, and users are now asked to change their password upon their first login to PiRogue.

📒 Activity report

You can find more details about the different activities in the project roadmap.

📦 US2 - Better knowledge management

A significant improvement involves refining knowledge organization and representation within Colander. This includes establishing a hierarchical structure for cases, where parent cases inherit from child cases, enhancing the management of extensive investigations. Furthermore, Colander will support the creation of multiple graphs within a single case, allowing for diverse projections of a subset of the case knowledge graph. The inclusion of thumbnails on graph nodes will simplify the investigation by involving pictures.

Overview of the different activities

  • 🔁 Create a hierarchy of cases
  • ✅ Create multiple graphs
  • ✅ Add thumbnails on graph nodes
  • 🔁 Batch import of knowledge
  • 🔁 Feature request: bulk add of observables

Add thumbnails on graph nodes

This month

Thumbnails can now be managed from the entity creation/editing form or directly within the graph. From an investigation point of view, this feature significantly increases the readability and understanding of interconnections within a case.

Batch import of knowledge

This month

We’ve created a Vue component that allows the user to import a CSV file with Colander and automatically create the entities represented in the CSV file. The rows correspond to the entities to create, and the columns correspond to the properties of the entity.
To import a CSV, the user is invited to select a CSV file and the type of entities they want to create in their Colander case. The user must assign a property to each column. This mapping defines which column contains the name of the entity, the description…

This component allows the user to import observables, devices, actors, threats, and data fragments.

Next month

We will release this feature.

📦 US100 - Documentation

Documenting the project is key to its usability. We are continuously documenting the different tools and features we develop and building new learning materials to facilitate skills development.

This month

In response to the audit’s identification of Vulnerability 2.4, the documentation has been updated. This update details the security and usability implications of requiring an HTTPS-only connection to the PiRogue dashboard.

Two cookbooks have been added:

Next month

We will continue to improve the project documentation to accurately reflect ongoing changes and updates.

📦 US101 - Maintenance

We manufacture PiRogues to supply organizations, while taking care of their maintenance. This includes OS upgrades, improvement of the documentation, and fixing bugs. Regarding Colander and Threatr, we maintain the public Colander server, upgrade dependencies, improve the documentation, and fix bugs.

This month

Security

Vulnerability 2.4 impacting PiRogue has been fixed and released in the package pirogue-external-exposure version 2.0.4. The dashboard is now accessible over HTTPS only; two cookbooks detail how to verify and trust the self-signed certificate:

Vulnerability 2.3 impacting PiRogue OS has been fixed and released in the PiRogue OS image version arm64_2.3.0. Now, upon their first login to PiRogue, the user is requested to change their password.

Improvements

The HAR Analyzer has been published on the NPM repository and is available to anyone who wants to use it in their project. This component is already integrated into Colander artifact preview pages.

With the integration of Mandolin, artifacts stored in Colander are automatically analyzed with Apache Tika. This analysis extracts artifact metadata like the geolocation information stored in a picture and the content of documents or images by leveraging OCR if necessary.

Next month

We will continue the maintenance of the tools, the Debian packages we maintain, and the Colander ecosystem.

📦 US102 - Community and outreach

Given the success of events, webinars, and demos with members of civil society, NGOs, and security researchers, we continue with our outreach plan. We organize trainings and demonstration sessions and create spaces for the community to share feedback and request new features via our mailing list, GitHub issues, or Discord server. Each month, we analyze one Android app that has received the community's interest (e.g., the COP28 app). The application to be analyzed is chosen by the community. The analysis report is first privately shared with the community and one month later it is publicly released.

We organize monthly calls open to all members of the community to share project updates and get the community’s feedback.

This month

The analysis report of the APNA Tunnel Lite v27 Android application has been published.

The PTS community meeting took place on Apr. 25. The next one will happen online on May 30 at 2pm CET.

This month, more than 40 virtual PiRogues have been deployed.

Next month

We will continue with our recurring activities.

📦 US103 - Governance

This month

The working plan we have defined with The Engine Room has been approved by OTF. They are assisting us in conducting user research, mapping systems and audiences, and designing sustainable user feedback processes.

Our proposal to the Calyx Institute’s Sepal fund has been rejected.

We’ve followed up with potential partners to explore different hosting options for our users.

Next month

We will continue with our recurring activities.