Ai-assist features can add hypotheses, challenge existing hypotheses (devil's advocate), add evidence, automatically suggests scores for evidence and hypotheses, generate insights for your hypotheses rankings, analyze sensitivity of findings, and generate suggested milestones.
An AI source must be connected in order to activate those features, but the ACH tool is fully functional without any AI.
Remember the AI suggestions are to be taken as suggestions, not gospel. Use your own best judgement, as the AI is not the one source of truth and can be wrong or make mistakes.
Exporting the JSON file allows you to re-load your progress later. The PDF is a brief report on the overall results, and the markdown contains all relevant data you gained from your analysis.
Good question. TL;DR is you won't find those here.
ACH is a different sort of hypotheses testing tool. This tool does not do formal "Statistical Hypothesis Testing" using the formal statistical methods that would be used for the rigorous testing required in the scientific world. There is a null hypothesis found in ACH, but that's about the only real crossover. So, you won't be able to find any p-values, t-tests, chi squares or any statistical significance at all in this.
My Analysis of Competing Hypotheses tool uses the methodology created by Richard Heur - it's an intelligence analysis methodology designed to be used by analysts who need a way to avoid their own biases as much as possible when investigating a question. There's no p-value calcs, no actual statistical significance, or any real math at all (the only math involves adding up rows of values from -2 to 2 basically, and then putting them in order).
The whole reason hypothesis testing is used in science, is to prevent the exact same biases deluding ourselves: is this a spontaneous statistical cluster of events, or is it a statistically significant deviation from our understanding of the world?
Is what you posted really how the CIA works?? I think lots of taxpayers would want their money back...
I dockerized most of what I could, the rest of it I put in a data silo for ease of destruction when necessary. Is there something in particular you think would work better or be more secure being added to the docker setup?
The ACH method actively encourages you to start off with any and all plausible explanations and eliminate them as you go along, but the AI suggestions are definitely more limited than what a human could come up with.
There are LLM limitations on the call to generate hypotheses to return them in a certain format and to return a certain number of them, and that sort of thing, so it's usually in your best interest to use the LLM as more of an assistant to check if you missed anything or for a push to get started looking in different directions more than having the AI doing the whole thing (although if you are being lazy or don't know what to do, you could let the LLM do pretty much everything - I pretty much let the LLM handle everything it could in testing.)
There's a lot of potential for overlaps in features - e-discovery is one of the core concepts behind this platform, definitely.
Also, it's true that a lot of the existing tools that do similar things are anything but free.
I can imagine most or all of the things ArkhamMirror does are done elsewhere by other programs and tools. I don't know of any unclassified projects that do ACH better, but that's a pretty niche tool, and the government loves their 20-year-old software solutions.
Off-the-shelf programs designed for use by lawyers have layers of protections built in to make sure they are suitable for court-use. I don't make any claims as to the legal utilities of this program whatsoever. In fact, the ACH PDF report generated specifically calls attention to the AI-generated nature of the materials and warns against using any data generated or entered without human review and approval.
That said, you can make some pretty cool, non-legally useful, connections with tools like author unmask, where you feed the system docs by a known author and run them against docs written by an unknown or suspected alias to check for similar voice. During ingestion, the system automatically yanks all detected Regex data and puts it into a nice sortable, searchable list for you.
Legal e-discovery products are going to be highly polished, reliable programs designed to be used in a legal setting, while ArkhamMirror is designed to be used while you sit in your faraday cage in your hacker cabin in the woods with no Wi-Fi.
No shade intended - my stuff's not nearly as pretty or as well-put together as a decent off-the-shelf e-discovery program and I'm not trying to imply that it's better in any way, it's just differently aligned.
There's an isolated venv/ in the project folder, so no global packages or system python mods.
If your python is 3.11+, the install should recognize it. If you have 3.10 or lower, it's going to prompt you to install 3.11 for the project environment through winget or python.org. If you are running multiple pythons, it uses py -3.11 to pick the version.
For Docker, the app is going to want you to already have docker running, and will want to make and utilize 3 containers (PostgresSQL, Qdrant, Redis) in their own isolated docker-compose project. It uses nonstandard ports, but there could be conflicts there if you have stuff running on 5435, 6343/6344 or 6380. The backend wants to run at 8000, and the frontend wants to run at 3000, so those could conflict potentially as well.
The script is going to check if docker is running - if it is, you should be set. If it's not, it's going to prompt you to start it up.
Nothing in the install should touch your docker daemon config or your existing containers.
Great, thanks! I don't know much about Python or Docker, for that matter. But I just learned about and installed uv for Python management, and I have used Orbstack for containers in the past because I'm on Mac and the Docker Desktop blows.
I do development on my machine, so I like to control its environment deliberately.
I get it - pretty much everything I've been working with to build this platform is basically brand new to me, or just brand new in general, so I have to be wary of how I do things too.
That's awesome, thank you so much for getting more eyeballs on it!
My approach to security so far has been to keep it air-gapped and include a nukeitfromorbit.bat that will do everything but physically destroy your SSD to keep your privacy intact.
The narrative reconstruction tool was pretty fun to make, and it's been impressive in testing, but the real test will be if it actually helps someone in a real investigation.
If you see anything in my project that could help your project, then that's awesome news to me!
I'm definitely going to keep working, and hopefully soon it's going to do some pretty cool stuff. All the best to you and OSINTBuddy
This feature update is all about ACH, but there are several other functions that might also be of use for doing audit or compliance work.
Is there any particular function you had in mind?
ArkhamMirror can also scan your corpus for near duplicates, clusters, can check for signs of people using copy-paste in their work, find designated red flags, regex data, and that sort of thing. It's really generalized for as many use cases as possible at this stage, and I'm about to start working on modularity for specialization soon, so feel free to make suggestions on how you'd want to use it.
I don't have any background as an analyst or anything like that. ACH is a real tool, really used by the CIA, and the existing versions are basically crappy spreadsheets, or not free, or both.
I don't doubt someone with coding skills could do it better, it's just that no one else has stepped up. Probably because there's no profit angle, but that's conjecture on my part.
https://mantisfury.github.io/ArkhamMirror/ach/
Enjoy