Mobile device forensics & digital investigation

Monthly report n⁰38 - 2025-04

https://pts-project.org/blog/monthly-report-n38-2025-04/

Project overview

PiRogue Tool Suite (PTS) provides a platform combining analysis tools, knowledge management, incident response management, and artifact management, which allows civil society organizations with limited resources to equip themselves at a low cost. The project consists of an open-source tool suite that provides a comprehensive mobile device forensics and digital investigation platform.

📢 Announcements

🎉 Impacts and results

Two security vulnerabilities identified in PiRogue have been fixed. The dashboard is now accessible over HTTPS only, and the user is now asked to change their password upon their first login to PiRogue.

📒 Activity report

You can find more details about the different activities in the project roadmap.

📦 US2 - Better knowledge management

A significant improvement involves refining knowledge organization and representation within Colander. This includes establishing a hierarchical structure for cases, where parent cases inherit from child cases, enhancing the management of extensive investigations. Furthermore, Colander will support the creation of multiple graphs within a single case, allowing for diverse projections of a subset of the case knowledge graph. The inclusion of thumbnails on graph nodes will simplify the investigation by involving pictures.

Overview of the different activities

Add thumbnails on graph nodes

This month

Thumbnails can now be managed either from the entity creation/editing form or directly within the graph. From an investigation point of view, this feature significantly increases the readability and understanding of interconnections within a case.

Batch import of knowledge

This month

We’ve created a Vue component that allows the user to import a CSV file with Colander and automatically create the entities represented in the CSV file. The rows correspond to the entities to create, and the columns correspond to the properties of the entity. This component allows the user to import observables, devices, actors, threats, and data fragments.

Next month

We will release this feature.

📦 US100 - Documentation

Documenting the project is key to its usability. We continuously document the different tools and features we develop and build new learning materials to facilitate skills development.

This month

In response to the audit’s identification of Vulnerability 2.4, the documentation has been updated. This update details the security and usability implications of requiring an HTTPS-only connection to the PiRogue dashboard.

Two cookbooks have been added:

Next month

We will continue to improve the project documentation to accurately reflect ongoing changes and updates.

📦 US101 - Maintenance

We manufacture PiRogues to supply organizations, while taking care of their maintenance. We will include OS upgrades, improvement of the documentation, and fixing bugs. Regarding Colander and Threatr, we maintain the public Colander server, upgrade dependencies, improve the documentation, and fix bugs.

This month

Security

The Vulnerability 2.4 impacting PiRogue has been fixed and released in the package

The Vulnerability 2.3 impacting PiRogue OS has been fixed and released in the PiRogue OS image version

Improvements

The HAR Analyzer has been published on the NPM repository and is available to anyone who wants to use it in their project.
This component is already integrated into Colander artifact preview pages.

With the integration of Mandolin, artifacts stored in Colander are automatically analyzed with Apache Tika. This analysis extracts artifact metadata, like the geolocation information stored in a picture, and the content of documents or images, leveraging OCR if necessary.

Next month

We will continue the maintenance of the tools, the Debian packages we maintain, and the Colander ecosystem.

📦 US102 - Community and outreach

Given the success of events, webinars, and demos with members of civil society, NGOs, and security researchers, we continue with our outreach plan. We organize trainings and demonstration sessions and create spaces for the community to share feedback and request new features via our mailing list, GitHub issues, or Discord server.

We analyze one Android app per month that has received the community’s interest (e.g. the COP28 app). The application to be analyzed is chosen by the community. The analysis report is first privately shared with the community and one month later it is publicly released.

We organize monthly calls open to all members of the community to share project updates and get the community’s feedback.

This month

The analysis report of the APNA Tunnel Lite v27 Android application has been published.

The PTS community meeting took place on Apr. 25. The next one will happen online on May 30 at 2pm CET.

This month, more than 40 virtual PiRogues have been deployed.

Next month

We will continue with our recurring activities.

📦 US103 - Governance

This month

The working plan we have defined with The Engine Room has been approved by OTF. They are assisting us in conducting user research, mapping systems and audiences, and designing sustainable user feedback processes.

Our proposal to the Calyx Institute’s Sepal fund has been rejected.

We’ve followed up with potential partners to explore different hosting options for our users.

Next month

We will continue with our recurring activities.