Spyware research in civil society is dominated by organizations with access to closed-source tools and methodologies, creating high barriers to entry for digital security practitioners as well as new researchers. This negatively impacts global spyware identification, response, and mitigation by reinforcing bottlenecks. Furthermore, current forensic workflows require physical device access or a complex victim-driven artifact extraction process, which is often impractical and time-consuming in high-risk, time-sensitive situations. In addition, many existing tools over-collect personally identifiable information (PII), are cumbersome, and jeopardize chain of custody.
To address these issues, MESH forensics will develop a remote digital forensics tool that creates a temporary, private VPN overlay network between a victim and a threat lab for remote investigation. The consent-driven forensic data acquisition will occur over an open-source, decentralized, and end-to-end encrypted control plane. This eliminates geographic barriers, protects PII, and allows for timely and accurate forensic analysis. In addition, enabling remote analysis builds the forensics capabilities of small civil society organizations, supporting the decentralization of threat data and scalable intelligence efforts.


