Front page of Kirjuri

Kirjuri, a forensic evidence item management application

Kirjuri is a digital forensic evidence item management system. It is a web application designed to help forensic teams manage, track and report devices delivered for forensic examination. It was born in the Helsinki Police Department, which handles over a thousand devices annually. Managing these devices and keeping track of the changes to and locations of all this material proved to be a difficult task, since no ready software suites for multi-user evidence device management existed.

Kirjuri was written from the ground up with one task in mind – easing the clerical tasks of the forensic investigator by organizing devices under examination requests. It is easy to deploy on an internal network using a Linux-based virtual machine as a server. Kirjuri is being used by a number of private organizations and law enforcement agencies in a number of countries. The current public release for Kirjuri is 0.9.2.

Kirjuri requires a web server with MySQL and PHP7 installed. Some performance issues have been noticed when running Kirjuri on a WAMP server, so installing on a Linux server is recommended. The performance issues seem to be related to how a WAMP server resolves “localhost”, so changing this setting from “localhost” to the IP address 127.0.0.1 should solve the issue if pages containing multiple evidence items load slowly.

Kirjuri is no longer under active development, since I don’t have time to dedicate to it anymore. The current release version is 0.9.2. I am working on a few fixes, notably the statistics page showing incorrect numbers, but I will not guarantee any timetables for this. If you are interested in taking over the project and developing the tool further, please reach out to me via email.

Update 23.8.2018: The live demo has been deprecated. You can give Kirjuri a try by installing the software locally.

Main features

  • Organize devices into examination requests and track their location and status.
  • Make notes about forensic findings and generate a simple report to document them.
  • Organize your tools and manage reservations for them.
  • User management with case-by-case access management and different access levels.
  • Simple user interface designed for the needs of actual forensic examiners.
  • Extensive internal logging for compliance and audit tasks.
  • Highly customizable via configuration files for different organizational needs.
  • Supports attachments up to 16MB.
  • Export and import examination requests (with attachments) via .krf files.
  • See the changelog for more details on what’s new in the current release.
  • Kirjuri supports English, Finnish and German and is easily localizable via a configuration file.

Installation and requirements

Clone the GitHub repo to your server. Kirjuri requires a web server with PHP7 and MySQL installed. You can install Kirjuri on your server by following these steps:

  • Install PHP, MySQL and Git (Debian/Ubuntu: sudo apt-get install git mysql-server php7.0 php7.0-fpm php7.0-mysql php7.0-ldap nginx-full).
  • For a local, single-user installation, you can use a development server app like MAMP.
  • Download or clone the Kirjuri code repository from GitHub: git clone https://github.com/AnttiKurittu/kirjuri.git.
  • Place the downloaded copy into your webroot or a subfolder.
  • If you wish to configure a testing environment, simply copy the Kirjuri folder to an adjacent subfolder and run the installer again with a different database name.
  • Modify folder permissions so that the web server owns the following folders: cache, conf and logs.
  • Browse to your web server and open the /install.php page.
  • Fill in the fields and run the installer from your web browser.
  • Go to “settings” on your admin account and set your preferences.
  • Create user accounts for your team or configure LDAP access.
  • If you want Kirjuri to speak your language, copy the lang_EN.conf file to a new file and translate the strings. If you do this, please send me the file so I can add it to the repository.

Additionally, it is advisable to configure your web server to not allow direct access to the cache, conf or logs folders. This can be achieved by adding the following directives to your web server configuration:

Nginx:

  location ~ \.(conf|log|txt|local)$
  {
    deny all;
    return 403;
  }

Apache:

  <Files ~ "\.(conf|log|txt|local)$">
    # Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied" instead
    Order allow,deny
    Deny from all
  </Files>

Updating to the latest release

  • Back up your existing installation and database! Using a virtual machine to host Kirjuri is recommended, because you can easily take snapshots to prevent problems from updating.
  • Download the latest release, unzip it and copy the new Kirjuri files over your old ones.
  • Delete all files and folders from the cache folder, excluding the .gitignore file.
  • If you get an error message after updating, Kirjuri might need some additional tables that do not exist yet on your installation. Run /install.php with your credentials and existing database name. The script will fail at creating a database and/or tables because some of them already exist, but it will write the new tables on your existing installation. It will not erase your existing database.
  • Re-set folder permissions if necessary.

Localizing Kirjuri

  • Copy the language file of your choice to the settings folder as lang_yourlang.conf
  • Translate the variables
  • Copy the appropriate icons in views/img/svg/ to match device names set in [devices] and [media_objs] in the language file.
  • Icon file names are derived from the device name by lowercasing it, converting spaces to underscores and converting the umlauts ä ö å Ä Ö Å to a o a A O A, using the following Twig filter: {{ entry.device_type|lower|replace({" ": "_", "ä": "a", "ö": "o"}) }}
  • Please be mindful of possible problems with special characters in device names not converting cleanly to file paths.
  • If you localize Kirjuri to a new language, please send me the language file and new icons and I’ll gladly add them to the repository and credit you for them.

Important security information

Kirjuri is not designed to be installed on an internet-facing server. Forensic evidence and the metadata about the devices and findings is usually extremely sensitive information. It is strongly recommended that you install Kirjuri on an air-gapped network to serve your forensic examiners locally. Familiarize yourself with the software prior to installing it into a production environment. The developers accept no liability on possible security breaches caused by programming errors.

If you absolutely need to deploy Kirjuri over the internet, it is advisable to limit access by requiring a VPN to access the site. Additionally, you can configure your web server to require client certificates and whitelist IP addresses at the server level. Per-user and global application IP whitelists should be deployed both on Kirjuri itself and on the server serving the application.
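One way to express the server-level controls described above in Nginx (an added example, not part of the Kirjuri project; the host name, file paths, CA file, VPN address range and PHP-FPM socket are assumptions to adjust for your site):

```nginx
# Added example with placeholder names, paths and address range.
server {
    listen 443 ssl;
    server_name kirjuri.example.internal;            # placeholder host name

    root  /var/www/kirjuri;                          # assumed webroot
    index index.php;

    # Server certificate and key (assumed paths).
    ssl_certificate     /etc/nginx/tls/kirjuri.crt;
    ssl_certificate_key /etc/nginx/tls/kirjuri.key;

    # Require a client certificate issued by your own CA.
    # Requests without a valid certificate are rejected before PHP runs.
    ssl_client_certificate /etc/nginx/tls/examiners-ca.crt;
    ssl_verify_client      on;
    ssl_verify_depth       2;

    # Server-level IP allowlist: only the VPN address pool (placeholder range).
    allow 10.8.0.0/24;
    deny  all;

    # Never serve configuration, log or text files directly.
    location ~ \.(conf|log|txt|local)$ {
        return 403;
    }

    # Hand PHP scripts to PHP-FPM; refuse paths that do not exist on disk.
    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;  # assumed php7.0-fpm socket
    }
}
```

With the default "satisfy all" behaviour, a request must come from an allowed address and present a valid client certificate; Kirjuri's own per-user and global IP whitelists then apply on top of this.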

Even though care has been taken to protect Kirjuri from unauthorized use, XSS, CSRF, SQLi and other common vulnerabilities, the author will not accept any responsibility or liability on the security of this software. Kirjuri can be secure if it is installed and used securely. A PHP application cannot be trusted to handle that for the administrator and configuring your production server is your responsibility.

License

Kirjuri has been released under the MIT License. See the GitHub repository for licensing details. Kirjuri uses Twig, HTMLPurify, Bootstrap CSS, Font Awesome, Freepik image resources, Chart.js, vis.js, TinyMCE editor and jQuery.

Contributors

This software has been written by Antti Kurittu, who currently works as a senior specialist at the National Cyber Security Center of Finland (FICORA NCSC-FI). German localization work has been done by Dennis Schreiber. If you are interested in contributing, giving feedback or just letting me know you use and enjoy Kirjuri – please send me an email!

Kirjuri on GitHub
