TIGER — Telecom Incident Gateway for Evidence Reporting
Technical Overview

System Architecture

How TIGER moves evidence from carrier networks to investigator desks — securely, traceably, and immutably.

External Actors

📡

Telecommunications Carrier

AT&T, Verizon, T-Mobile…

🏛️

Government Investigator

FBI, DEA, FTC, State LE

🛡️

Victim / Witness

Public, anonymous

HTTPS / TLS

Frontend — Next.js 16 (App Router)

🌐

Public Site

/

📡

Carrier Portal

/carrier

🏛️

Gov Portal

/gov

🛡️

Victim Portal

/victim

⚙️

Admin Portal

/admin

JWT Auth Context · RBAC route guards · Auto 401 redirect · localStorage token · Nginx → port 3000
JSON/REST · Bearer Token

Application Layer — FastAPI + Python 3.11

🔑

Auth / RBAC

JWT + 5 roles

📋

Incident Service

Multi-tenant CRUD

🔒

Evidence Service

S3 presigned PUT

📞

CDR Ingestion

CSV → canonical schema

🛡️

Victim Linkage

Heuristic + manual

📜

Audit Service

30+ event types

🏢

Org Management

Tenant isolation

👤

User Management

platform_admin only

HS256 JWT · 8h expiry · SQLAlchemy ORM · Pydantic v2 schemas · Uvicorn ASGI · PM2 process manager · Nginx → port 8000
SQLAlchemy ORM / boto3

Storage & Infrastructure

🗄️

Database

  • SQLite 3 (WAL mode) — prototype
  • PostgreSQL/RDS — production path
  • org_id scoped queries
  • No cross-tenant leakage
🪣

S3 Evidence Vault

  • Presigned PUT URLs
  • Browser → S3 direct
  • SHA-256 verified on complete
  • Legal hold flags
  • Retention classification
🖥️

Infrastructure

  • EC2 Ubuntu 22.04 (us-east-1)
  • Nginx reverse proxy + TLS
  • Let's Encrypt — tigerex.us
  • PM2 auto-restart on crash
  • UFW firewall (80/443/22)

Evidence Flow

1. Carrier Creates Incident

Case number, priority, and status are set. The organization_id scopes all downstream data.

POST /carrier/incidents
2. Evidence Uploaded

Presigned S3 URL issued. Browser uploads directly. SHA-256 verified on completion.

S3 PUT + /evidence/complete
3. CDRs Ingested

CSV mapped through carrier profile. Each row normalized to canonical schema with TGX-CDR key.

POST /cdr-batches
4. Victim Report Filed

Public submission. Auto-matched heuristically. Manual link by gov_admin if needed.

/victim/report
5. Gov Reviews & Links

Assigned agency reviews evidence, CDRs, and victim reports. Audit events logged at every step.

/gov/incidents
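
The integrity check in step 2 ("SHA-256 verified on completion"), as an added example that is not TIGER's own code: the server re-hashes the bytes actually stored instead of trusting the client's digest, and records the outcome as an audit event. The function names, the status values, the audit action names and the sample record are assumptions; an in-memory stream stands in for the S3 object body.

```python
import hashlib
import hmac
import io
import re

CHUNK = 1024 * 1024  # hash in 1 MiB chunks so large evidence files stay out of memory
HEX_SHA256 = re.compile(r"[0-9a-f]{64}")

def sha256_stream(body, chunk_size=CHUNK):
    """Incrementally hash a file-like object (stands in for the stored object's body)."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: body.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def complete_evidence(record, stored_body, claimed_sha256, actor_user_id):
    """Verify an upload when the client calls the completion endpoint.

    `record` mirrors the evidence_files columns. Status values and audit
    action names are assumptions made for this example.
    Returns (updated_record, audit_event).
    """
    claimed = (claimed_sha256 or "").strip().lower()
    if not HEX_SHA256.fullmatch(claimed):
        # Malformed digest: reject without reading the object at all.
        status, computed = "rejected", None
    else:
        # Recompute over the stored bytes; the client's value is only a claim.
        computed = sha256_stream(stored_body)
        ok = hmac.compare_digest(computed, claimed)
        status = "verified" if ok else "hash_mismatch"
    # Persist the digest only once it has been verified server-side.
    sha = computed if status == "verified" else record.get("sha256")
    updated = dict(record, status=status, sha256=sha)
    audit_event = {
        "action": f"evidence.{status}",
        "actor_user_id": actor_user_id,
        "entity_type": "evidence_file",
        "entity_id": record["id"],
        "metadata_json": {"claimed_sha256": claimed_sha256,
                          "computed_sha256": computed},
    }
    return updated, audit_event

# Constructed sample data for illustration only.
SAMPLE_BYTES = b"constructed sample evidence bytes\n"
SAMPLE_RECORD = {"id": 42, "incident_id": 7, "file_key": "example/key.bin",
                 "sha256": None, "status": "pending", "legal_hold": False}
```

A mismatch leaves the record's sha256 unset, so an unverified digest never becomes the reference value for later chain-of-custody checks.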

Core Data Model

organizations

  • id
  • name
  • org_type
  • is_active
  • created_at

users

  • id
  • email
  • role
  • organization_id
  • hashed_password
  • created_at

incidents

  • id
  • case_number
  • title
  • priority
  • status
  • visibility
  • organization_id
  • assigned_agency_org_id

evidence_files

  • id
  • incident_id
  • file_key
  • sha256
  • evidence_type
  • status
  • legal_hold

cdr_records

  • id
  • cdr_key
  • orig_tn
  • dest_tn
  • start_time_utc
  • duration_seconds
  • call_fingerprint

victim_reports

  • id
  • access_token
  • victim_phone
  • caller_number
  • match_status
  • matched_cdr_id

cdr_report_links

  • id
  • cdr_id
  • victim_report_id
  • link_type
  • confidence_score

audit_events

  • id
  • action
  • actor_user_id
  • organization_id
  • entity_type
  • entity_id
  • ip_address
  • metadata_json