Kirjuri, a forensic evidence item management application

Front page of Kirjuri


As this project has been inactive for years, it was inevitable that some of the dependencies would become out of date. There are several security vulnerabilities in the dependencies involved, and some of the dependencies, like Twig, don’t play nice with the newest version of PHP. If you wish to install and use Kirjuri, please update the dependencies manually and make sure you install it in a safe environment. The original advice was to install in an air-gapped environment, and this advice still stands.

As always, I cannot guarantee the security of this software, and any users will be solely responsible for configuring it securely before using it. There have been several attempts by well-meaning individuals to develop this project further, but they have all been deterred from it by the quality of the code and the lack of proper commenting.

Use Kirjuri at your own risk.

* * * 

Kirjuri is a digital forensic evidence item management system. It is a web application designed to help forensic teams manage, track and report devices delivered for forensic examination. It was born in the Helsinki Police Department, which handles over a thousand devices annually. Managing these devices and keeping track of the changes to and locations of all this material proved to be a difficult task, since no ready software suites for multi-user evidence device management existed.

Kirjuri was written from the ground up with one task in mind – easing the clerical tasks of the forensic investigator by organizing devices under examination requests. It is easy to deploy on an internal network using a Linux-based virtual machine as a server. Kirjuri is being used by a number of private organizations and law enforcement agencies in a number of countries. The current public release for Kirjuri is 0.9.2.

Kirjuri requires a web server with MySQL and PHP7 installed. Some performance issues have been noticed when running Kirjuri on a WAMP server, so installing on a Linux server is recommended. The performance issues seem to be related to how a WAMP server resolves “localhost”, so changing this in the settings to your localhost IP address should solve the issue if pages containing multiple evidence items load slowly.

Kirjuri is no longer under active development, since I don’t have time to dedicate to it anymore. The current release version is 0.9.2. I am working on a few fixes, notably the statistics page showing incorrect numbers, but I will not guarantee any timetables for this. If you are interested in taking over the project and developing the tool further, please reach out to me via email.

Update 23.8.2018: The live demo has been deprecated. You can give Kirjuri a try by installing the software locally.

Main features

  • Organize devices into examination requests and track their location and status.
  • Make notes about forensic findings and generate a simple report to document them.
  • Organize your tools and manage reservations for them.
  • User management with case-by-case access management and different access levels.
  • Simple user interface designed for the needs of actual forensic examiners.
  • Extensive internal logging for compliance and audit tasks.
  • Highly customizable via configuration files for different organizational needs.
  • Supports attachments up to 16MB.
  • Export and import examination requests (with attachments) via .krf files.
  • See the changelog for more details on what’s new in the current release.
  • Kirjuri supports English, Finnish and German and is easily localizable via a configuration file.

Installation and requirements

Clone the GitHub repo to your server. Kirjuri requires a web server with PHP7 and MySQL installed. You can install Kirjuri on your server by following these steps:

  • Install PHP, MySQL and Git (Debian/Ubuntu: sudo apt-get install git mysql-server php7.0 php7.0-fpm php7.0-mysql php7.0-ldap nginx-full).
  • For a local, single-user installation, you can use a development server app like MAMP.
  • Download or clone the Kirjuri code repository from GitHub: git clone
  • Place the downloaded copy into your webroot or a subfolder.
  • If you wish to configure a testing environment, simply copy the Kirjuri folder to an adjacent subfolder and run the installer again with a different database name.
  • Modify folder permissions so that the web server owns the following folders: cache, conf and logs.
  • Browse to your web server and open the /install.php page.
  • Fill in the fields and run the installer from your web browser.
  • Go to “settings” on your admin account and set your preferences.
  • Create user accounts for your team or configure LDAP access.
  • If you want Kirjuri to speak your language, copy the lang_EN.conf file to a new file and translate the strings. If you do this, please send me the file so I can add it to the repository.

Additionally, it is advisable to configure your web server to not allow direct access to the cache, conf or logs folders. This can be achieved by adding the following directives to your web server configuration:


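  # nginx
  location ~ \.(conf|log|txt|local)$ {
    deny all;
    return 403;
  }

  # Apache (2.2 syntax; on Apache 2.4 use "Require all denied" instead of the two lines below)
  <Files ~ "(.conf|.log|.txt|.local)">
    Order allow,deny
    Deny from all
  </Files>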
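
One way to confirm the deny rules are active after deployment, as an added example that is not part of Kirjuri: the script walks the cache, conf and logs folders of a local install, requests every file with a protected extension over HTTP and reports any that is not answered with 403. The function names and the two command-line arguments are assumptions of this example.

```python
import os
import re
import sys
import urllib.error
import urllib.parse
import urllib.request

# Extensions covered by the deny directives on this page.
PROTECTED = re.compile(r"\.(conf|log|txt|local)$")
# Folder names as used on this page, relative to the Kirjuri webroot.
FOLDERS = ("cache", "conf", "logs")


def http_status(url):
    """Return the HTTP status code the server answers with for url."""
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def protected_paths(webroot):
    """Yield webroot-relative paths of files the deny rule should cover."""
    for folder in FOLDERS:
        for dirpath, _dirs, files in os.walk(os.path.join(webroot, folder)):
            for name in files:
                if PROTECTED.search(name):
                    rel = os.path.relpath(os.path.join(dirpath, name), webroot)
                    yield rel.replace(os.sep, "/")


def exposed_files(webroot, base_url, fetch=http_status):
    """Return (path, status) for each protected file not answered with 403."""
    exposed = []
    for rel in sorted(protected_paths(webroot)):
        status = fetch(base_url.rstrip("/") + "/" + urllib.parse.quote(rel))
        if status != 403:
            exposed.append((rel, status))
    return exposed


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_deny.py <webroot> <base-url>")
    found = exposed_files(sys.argv[1], sys.argv[2])
    for rel, status in found:
        print(f"EXPOSED {rel}: HTTP {status}")
    sys.exit(1 if found else 0)
```

Run it on the server itself after every web server configuration change; a non-zero exit code means at least one protected file was served.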

Updating to the latest release

  • Back up your existing installation and database! Using a virtual machine to host Kirjuri is recommended, because you can easily take snapshots to prevent problems from updating.
  • Download the latest release, unzip it and copy the new Kirjuri files over your old ones.
  • Delete all files and folders from the cache folder, excluding the .gitignore file.
  • If you get an error message after updating, Kirjuri might need some additional tables that do not exist yet on your installation. Run /install.php with your credentials and existing database name. The script will fail at creating a database and/or tables because some of them already exist, but it will write the new tables on your existing installation. It will not erase your existing database.
  • Reset folder permissions if necessary.

Localizing Kirjuri

  • Copy the language file of your choice to the settings folder as lang_yourlang.conf
  • Translate the variables
  • Copy the appropriate icons in views/img/svg/ to match device names set in [devices] and [media_objs] in the language file.
  • Icon file names are derived from the device names by lowercasing the letters, converting spaces to underscores and converting the umlauts ä ö å Ä Ö Å to a o a A O A, using the following Twig filter: {{ entry.device_type|lower|replace({" ": "_", "ä": "a", "ö": "o"}) }}
  • Please be mindful of possible problems with special characters in device names not converting cleanly to file paths.
  • If you localize Kirjuri to a new language, please send me the language file and new icons and I’ll gladly add them to the repository and credit you for them.
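
A check for the conversion problem mentioned above, as an added example that is not part of Kirjuri: it mirrors the Twig filter in Python and reports device names that still contain characters unsuitable for a file name, or that have no matching icon. The `.svg` extension, the allowed character set and the sample device names are assumptions of this example.

```python
import os
import re

# The replacements performed by the Twig filter quoted above, applied after |lower.
TWIG_REPLACE = str.maketrans({" ": "_", "ä": "a", "ö": "o"})
# Assumption: an icon name should consist only of these characters.
SAFE_NAME = re.compile(r"[a-z0-9_-]+")


def icon_name(device_type):
    """Mirror {{ entry.device_type|lower|replace({...}) }}."""
    return device_type.lower().translate(TWIG_REPLACE)


def check_icons(device_types, icon_dir, ext=".svg"):
    """Return {device_type: problem} for names that will not resolve to an icon."""
    problems = {}
    for dev in device_types:
        name = icon_name(dev)
        if not SAFE_NAME.fullmatch(name):
            bad = sorted(set(re.findall(r"[^a-z0-9_-]", name)))
            problems[dev] = "unconverted characters: " + " ".join(bad)
        elif not os.path.isfile(os.path.join(icon_dir, name + ext)):
            problems[dev] = "missing icon: " + name + ext
    return problems


# Constructed sample device names (not taken from a Kirjuri language file).
SAMPLE = ["Hard drive", "Älypuhelin", "Hårddisk", "SIM/USB reader"]

if __name__ == "__main__":
    for dev, problem in check_icons(SAMPLE, "views/img/svg").items():
        print(f"{dev!r}: {problem}")
```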

Important security information

Kirjuri is not designed to be installed on an internet-facing server. Forensic evidence and the metadata about the devices and findings are usually extremely sensitive information. It is strongly recommended that you install Kirjuri on an air-gapped network to serve your forensic examiners locally. Familiarize yourself with the software prior to installing it into a production environment. The developers accept no liability for possible security breaches caused by programming errors.

If you absolutely need to deploy Kirjuri over the internet, it is advisable to limit access by requiring a VPN to access the site. Additionally, you can configure your web server to require client certificates and whitelist IP addresses at the server level. Per-user and global application IP whitelists should be deployed both on Kirjuri itself and on the server serving the application.

Even though care has been taken to protect Kirjuri from unauthorized use, XSS, CSRF, SQLi and other common vulnerabilities, the author will not accept any responsibility or liability for the security of this software. Kirjuri can be secure if it is installed and used securely. A PHP application cannot be trusted to handle that for the administrator, and configuring your production server is your responsibility.


Kirjuri has been released under the MIT License. See the GitHub repository for licensing details. Kirjuri uses Twig, HTMLPurify, Bootstrap CSS, Font Awesome, Freepik image resources, Chart.js, vis.js, TinyMCE editor and jQuery.


This software has been written by Antti Kurittu, who currently works as a senior specialist at the National Cyber Security Center of Finland (FICORA NCSC-FI). German localization work has been done by Dennis Schreiber. If you are interested in contributing, giving feedback or just letting me know you use and enjoy Kirjuri – please send me an email!


  1. I got this error message as below after I try to create a user
    Can I know why this message shows?

    Installation error: (2) mysqli::__construct(): (HY000/1045): Access denied for user 'vimal'@'localhost' (using password: YES)

    Connection failed: Access denied for user 'vimal'@'localhost' (using password: YES)

    1. Hi, it looks like you’re trying to log in to the MySQL server using your own username. MySQL has its own user profiles, so you need to either create a MySQL user with that name or log in as root.

      You set the MySQL root password when you install MySQL Server for the first time. You can use root and its password to log in, but be mindful that this gives Kirjuri powerful access to all databases on the MySQL so if you’re hosting several applications on the same database this might not be a good idea from a security point of view.

      You can try logging into MySQL from the command line with “mysql -u root -p” and then supplying the password you created when first installing MySQL. If that succeeds, you can use those credentials when installing Kirjuri.

      If this doesn’t resolve your issues, please feel free to email me and I’ll see if I can diagnose the problem better.
