Technology Partner — Est. 2004
000
100
ExpertiseWorkJournalGet in touch
Home / Work / EBOXLAB - Digital Forensics & eDiscovery

EBOXLAB - Digital Forensics & eDiscovery

A standalone forensics platform built for examiners and legal professionals who need to manage cases, track evidence, and maintain chain of custody — without ever connecting to the internet.

Air-Gapped

Zero Network Access

Zero Deps

No Runtime Required

Cross-Platform

Windows & macOS

Flat-File

No Database Server

The Challenge

Forensic examiners and legal teams handle some of the most sensitive data imaginable — evidence tied to active investigations, litigation holds, and regulatory proceedings. Yet the tools available to them often require cloud connectivity, database servers, or complex infrastructure that introduces security risks and compliance headaches.

In environments where chain of custody integrity is non-negotiable and sensitive evidence must never be exposed to external networks, teams need a platform that works completely offline — one that's portable, auditable, and simple enough to deploy without an IT department.

The Solution

We built EBOXLAB as a single standalone executable — no installation wizard, no database server, no internet connection required. It runs directly on Windows or macOS, stores all data in portable flat files, and provides a complete forensic case management workflow from a single binary.

The platform covers the full lifecycle: client intake, case creation, evidence cataloging, chain of custody tracking, examiner management, and built-in forensic tools like hash verification and file inspection. Everything operates in a completely air-gapped environment, ensuring sensitive data stays exactly where it belongs.

Key Capabilities

Case & Evidence Management

Centralized tracking of cases, clients, evidence items, and examiner assignments — all structured for fast retrieval and defensible record-keeping.

Chain of Custody Tracking

Every custody transfer is logged with timestamps, actions, and responsible parties — maintaining an unbroken, auditable chain from intake to disposition.

Built-in File Manager

A dual-pane file browser designed for forensic workflows — navigate directories, inspect attributes, and manage evidence files without leaving the platform.

Hash Verification

Compute SHA-256 and MD5 hashes on demand with full file attribute reporting. Verify evidence integrity at any point in the case lifecycle.

Cross-Platform

Runs natively on both Windows and macOS as a single standalone executable — no installers, no configuration, no runtime dependencies.

Air-Gapped Security

Designed for sensitive environments where data must never touch the internet. Zero network dependencies, zero cloud exposure, zero risk of external breach.

How It Works

1. Deploy Instantly

Download a single executable. No installation, no configuration, no dependencies. Launch and start working immediately.

2. Set Up Your Cases

Create client profiles, open cases, assign examiners, and begin cataloging evidence items with acquisition details and hash values.

3. Maintain Chain of Custody

Every transfer, inspection, and action is automatically logged with timestamps — creating a defensible audit trail.

4. Verify & Report

Use built-in hash calculators and file inspection tools to verify evidence integrity at any point. All data is portable and ready for backup.

Built for Real-World Forensics

Every design decision was made with forensic workflows in mind — from the dual-pane file browser to the automatic activity logging.

Automatic Audit Trail

Every action across all modules is logged chronologically — no manual entry required.

Cross-Module Search

Search across clients, cases, evidence, examiners, and custodians from a single interface.

Portable Data

All records stored as flat files — copy them to back up, move to another machine, or archive a case.

Why It Matters

Evidence Security

Sensitive forensic data never touches the internet. Air-gapped operation eliminates the risk of cloud breaches and unauthorized access.

Operational Independence

No servers to maintain, no licenses to manage, no IT infrastructure required. One file, any machine, instant productivity.

Defensible Records

Automatic audit trails and hash verification provide the documentation integrity that legal proceedings demand.

View on GitHub

Want work like this?Start your project →