TRACE - Phase 1

A system for structuring artefacts, timelines, and relationships for controlled evaluation.

TRACE is a locally built analysis application. In phase one we are working on timeline construction and on how evidence linkage and analyst-reviewed suggestions will be used.

The Timeline module will be the place to enter ABI timeline data, where events are logged and artefacts/evidence are attached. These are then classified by ABI (Activity Based Intelligence) relevant vectors. The data is then inspected visually in chronological order so that any evidence relationships can surface.

This was the first module because it prioritises chronology integrity, provenance, traceability and analyst control.

The initial view was based off a Killchain Excel sheet I created to identify the various phases and how a threat actor interacted.

At least you had something pretty to look at during that gloomy period. Please note, this was in Excel.

Screenshots from TRACE as of today’s build:

Main Page

Artefact/Evidence vault

Current fields. Soon to be updated.


