Archive and index online content

[U039b]

Users can retrieve, store and keep track of online artifacts/evidence such as web pages, pictures, and social media posts.

[U039b]

Suggestion: We use an existing browser extension to capture a webpage and/or media and upload the files to a remote server

[U039b]

Interesting browser extensions:

• https://webrecorder.net/
• https://github.com/webclipper/web-clipper
• https://github.com/harvard-lil/scoop
• https://github.com/ArchiveBox/ArchiveBox
• https://github.com/gildas-lormeau/SingleFile
• https://github.com/gildas-lormeau/SingleFileZ

Interesting libs and snippets:

• https://github.com/mozilla/bleach
• https://github.com/yt-dlp/yt-dlp
• https://github.com/HumanRightsWatch/VHS/blob/main/video_downloading_platform/core/telegram.py

[TontonSancho]

SingleFile (SingleFileZ) sounds promising.

At a first level of integration

Colander can :

• Propose the official SingleFile extension link to install
• Craft a Colander dedicated extension-configuration.json importable in the extension by the user, configuring the extension, including:
  • user dedicated destination url to colander
  • user authentication token
  • nice-to-have SingleFile settings
  • Evidence proof API usage ?
• Wait'n and listen to SingleFile uploads to stores them in a To sort task list of artifacts

The main caveat at this point will be the missing of audio/video content. To get around this limitation, some other level of integration could be explored.

At a second level of integration

The user script mechanism of SingleFile can be explored. If the described CustomEvent mechanism is cross tabs, Colander (in an another active tab) can register to this "internal api" and "pimp" SingleFile work on the fly.

Another hypothetical level of integration

As a co-extension to SingleFile, an hypothetical Colander extension should be able to interact with SingleFile extension through its internal API.

[TontonSancho]

This month

This month, we were evaluating the different existing tools and libraries we can reuse to implement online content retrieval and indexation. In order to test potential integration, we have developed mocks within Colander.

We have defined additional goals to be achieved:

• make the integration to the user's working environment easy
• allow the user to focus on collecting content by making the upload to Colander totally transparent to them

Even if we are still refining how this feature will be implemented, we think that providing the end-user with a web browser extension would offer a good user experience. In the background, this extension would take care of uploading the collected content directly to Colander.

Next month

We will select an off the shelf or adapt it to our content collection needs, supporting both static pages and medias.

Challenges

It is difficult to find an existing tool that support both static content (html, image, video poster) and video capture. Some tools we have tested could be extended to address the initial need.

[TontonSancho]

This month

The choice was made to use SingleFile as a first tool to collect content around the internet. It's a well supported project and can be integrated as an extension third-party library.

On the Colander side, work has been done to receive such contents : a new endpoint has been introduced, working as a user 'dropbox'. This approach offers the advantage to extend naturally to any other third-party collector tool in the future.

On a first step, investigators will be able to push any kind of content, unsorted, with the SingleFile extension. On a second step, when getting back on Colander, investigators will be invited to sort and distribute evidence into corresponding cases.

Next month

We will extend the 'dropbox' endpoint to support direct case association as an investigation convenience. We will start a first version of the Colander 'dropbox' evidence triage interface. We will try to package our first Colander browser extension with the SingleFile third-party library.

Challenges

Video content is still difficult to integrate seamlessly in the whole gathering experience. That said, we have good hopes this can be delegate to a third-party service while using our future Colander browser extension.

[TontonSancho]

This month

Welcome to Colander Companion, the first Colander browser extension. As planned, this project relies on SingleFile as an embedded third-party library. The alpha web-extension is in good shape as it now supports uploading collected content directly to Colander. The saved content is a snapshot of DOM of the webpage. This snapshot can be safely opened offline with any web browsers. This extension gives users the option of automatically adding collected content directly to a Colander case. By default, all collected content is stored outside cases and must be sorted afterward.

Next month

We will add a new feature to this companion extension with the objective to invoke the download of the medias embedded into the saved webpage.

Challenges

Multiple security considerations and technical challenges were addressed to ensure a secure communication between the web extension and the Colander API.

[TontonSancho]

This month

We put efforts on the packaging of the new Colander Companion web-extension, planning to make it available on as many browsers we can (including mobile). The extension simplifies the complexity of configuring the SingleFile engine to offer a smooth Colander user experience. We worked on dropped evidence triage UI and Artifact conversion.

Next month

We will test all Companion browser extension with Colander next version. We will then write a list of supported devices and a guide on the user account landing page. We will release to production.

Challenges

None.