EBOXLAB - Digital Forensics & eDiscovery
A standalone forensics platform built for examiners and legal professionals who need to manage cases, track evidence, and maintain chain of custody — without ever connecting to the internet.
Air-Gapped
Zero Network Access
Zero Deps
No Runtime Required
Cross-Platform
Windows & macOS
Flat-File
No Database Server
The Challenge
Forensic examiners and legal teams handle some of the most sensitive data imaginable — evidence tied to active investigations, litigation holds, and regulatory proceedings. Yet the tools available to them often require cloud connectivity, database servers, or complex infrastructure that introduces security risks and compliance headaches.
In environments where chain of custody integrity is non-negotiable and sensitive evidence must never be exposed to external networks, teams need a platform that works completely offline — one that's portable, auditable, and simple enough to deploy without an IT department.
The Solution
We built EBOXLAB as a single standalone executable — no installation wizard, no database server, no internet connection required. It runs directly on Windows or macOS, stores all data in portable flat files, and provides a complete forensic case management workflow from a single binary.
The platform covers the full lifecycle: client intake, case creation, evidence cataloging, chain of custody tracking, examiner management, and built-in forensic tools like hash verification and file inspection. Everything operates in a completely air-gapped environment, ensuring sensitive data stays exactly where it belongs.
Key Capabilities
Case & Evidence Management
Centralized tracking of cases, clients, evidence items, and examiner assignments — all structured for fast retrieval and defensible record-keeping.
Chain of Custody Tracking
Every custody transfer is logged with timestamps, actions, and responsible parties — maintaining an unbroken, auditable chain from intake to disposition.
Built-in File Manager
A dual-pane file browser designed for forensic workflows — navigate directories, inspect attributes, and manage evidence files without leaving the platform.
Hash Verification
Compute SHA-256 and MD5 hashes on demand with full file attribute reporting. Verify evidence integrity at any point in the case lifecycle.
Cross-Platform
Runs natively on both Windows and macOS as a single standalone executable — no installers, no configuration, no runtime dependencies.
Air-Gapped Security
Designed for sensitive environments where data must never touch the internet. Zero network dependencies, zero cloud exposure, zero risk of external breach.
How It Works
1. Deploy Instantly
Download a single executable. No installation, no configuration, no dependencies. Launch and start working immediately.
2. Set Up Your Cases
Create client profiles, open cases, assign examiners, and begin cataloging evidence items with acquisition details and hash values.
3. Maintain Chain of Custody
Every transfer, inspection, and action is automatically logged with timestamps — creating a defensible audit trail.
4. Verify & Report
Use built-in hash calculators and file inspection tools to verify evidence integrity at any point. All data is portable and ready for backup.
Built for Real-World Forensics
Every design decision was made with forensic workflows in mind — from the dual-pane file browser to the automatic activity logging.
Automatic Audit Trail
Every action across all modules is logged chronologically — no manual entry required.
Cross-Module Search
Search across clients, cases, evidence, examiners, and custodians from a single interface.
Portable Data
All records stored as flat files — copy them to back up, move to another machine, or archive a case.
Why It Matters
Evidence Security
Sensitive forensic data never touches the internet. Air-gapped operation eliminates the risk of cloud breaches and unauthorized access.
Operational Independence
No servers to maintain, no licenses to manage, no IT infrastructure required. One file, any machine, instant productivity.
Defensible Records
Automatic audit trails and hash verification provide the documentation integrity that legal proceedings demand.
View on GitHub