Presenter ModeChecking…

TIGER Demo Playbook

7-minute live walkthrough · FBI / Law Enforcement presentation

Executive Briefing →Live Site →

Demo Credentials

Carrier DemoOpen →

Government DemoOpen →

Platform Admin DemoOpen →

Demo Sequence

🌐

Step 1 of 10 · 0:00

Homepage

🎙 Say this

"This demonstration shows TIGER in operation — the Telecom Incident Gateway for Evidence Reporting, accessible at tigerex.us. It is a centralized system for telecom abuse evidence intake, normalization, victim corroboration, and government investigation support."

🖱 Do this

Draw attention to the hero section, the three portal buttons, and the system-operational badge.

Open ↗

Progress10%

Pre-Demo Checklist

Active incident exists

Evidence file uploaded

CDR batch imported

Victim report linked

Manual checks

□Manual CDR-report link with confidence 0.91

□14 audit events seeded across all action types

□Gov incident access: FBI Cyber Division assigned

□System health badge shows green / operational

ℹ Prototype Data Notice

This prototype uses seeded demonstration data and synthetic CDR records. All organizations, users, and call records are fabricated for demo purposes.

Key Talking Points

📦

Standardized Evidence Intake

Every carrier formats CDRs differently. TIGER enforces a canonical schema — one format for every record from every carrier — so investigators never have to normalize data manually.

🔑

TGX-CDR Keys

Every call record gets a deterministic TGX-CDR key based on origin, destination, and start time. This enables deduplication, cross-case correlation, and cryptographic traceability.

🛡️

Victim Corroboration

Victim submissions are automatically matched against carrier CDRs by phone number and call time. Unmatched reports surface for manual review, creating a legally defensible linkage record.

🔒

Carrier / Agency Separation

AT&T cannot see Verizon data. DEA cannot see FBI data. Visibility is enforced at the database query layer — not just the UI. Every query is scoped to the requesting organization.

📜

Immutable Audit Trail

Thirty-plus action types are logged with actor, IP, timestamp, and JSON metadata. Lineage from carrier upload to victim linkage is fully reconstructable from audit_events alone.

⚡

Prototype → Production

SQLite → PostgreSQL/RDS is a one-line config change. The S3 presigned upload flow works with real AWS credentials today. The architecture was designed for GovCloud from the start.

Prototype vs. ProductionBe explicit — say this

✅ Running today

·EC2 Ubuntu · single instance · us-east-1

·SQLite 3 WAL — zero-config, embedded

·FastAPI + Uvicorn + PM2 auto-restart

·Next.js 16 App Router with Turbopack

·S3 presigned upload flow (mock bucket in dev)

·HTTPS via Nginx + Let's Encrypt on tigerex.us

·JWT RBAC enforced at every API layer

·30+ audit event types logged end-to-end

🚀 Production path

·PostgreSQL on RDS — 15-min config swap from SQLite

·Real AWS S3 credentials — upload flow already correct

·RS256 JWT + refresh tokens + SSO/SAML integration

·Uvicorn multi-worker or ECS/Fargate containerized

·CloudFront CDN + WAF protection on portal endpoints

·GovCloud-aligned IAM, VPC isolation, KMS at rest

·FedRAMP-adjacent architecture from day one

·Multi-carrier onboarding with org isolation verified