Introduction

Ilexum Group is an open-source forensic toolkit for incident response and digital investigations. It is composed of three focused binaries:

Why This Stack

Most forensic pipelines need all three layers:

Ilexum Group keeps these concerns separated, but aligned through a shared custody model and compatible payload design.

Tool	Purpose	Input	Output
Bitex	Metadata-first disk analysis with TSK	Disk images and block devices	Partition analysis, fs stats, file listings
Tracium	Host and artifact acquisition	Live systems or mounted forensic images	`SystemData` + `ForensicsData`
Evidex	Evidence package acquisition	Files/directories	`EvidencePackage` with hashes and metadata

Shared Architecture

All three tools use a shared custody-chain approach, RFC 5424 logging style, and authenticated HTTP transmission to remote analysis backends.

Read-only collection paths across acquisition flows
Cryptographic integrity checks embedded in evidence/custody metadata
End-to-end execution traceability for commands and operations
Cross-platform coverage including Linux, Windows, macOS, FreeBSD, and OpenBSD
Composable architecture with explicit model contracts in each repository

github.com/ilexum-group/bitex
github.com/ilexum-group/tracium
github.com/ilexum-group/evidex

Bitex (disk metadata baseline)
  -> Tracium (host timeline + artifacts)
  -> Evidex (targeted file acquisition package)

Use this sequence when you need both breadth (system context) and depth (high-value files) with complete custody traceability.

The Ilexum Group tools are designed to meet established digital forensics standards:

ISO 27037: Guidelines for identification, collection, acquisition, and preservation of digital evidence
NIST SP 800-86: Guide to computer and network forensics
Daubert Standard: Admissibility requirements for scientific evidence