Direct answer
What makes evidence ready? Evidence is ready when enough artifacts, provenance, timestamps and confidence exist to support analyst action or external handoff.
Evidence types
Screenshots, HTML, redirects, headers, liveness checks, source provenance, OCR/QR extraction, mule-route metadata, kit fingerprints and analyst decisions can be linked to entities and cases.
Decision workflow
Rows move through review candidate, corroborated suspicious, confirmed, false positive, uncertain, escalated and resolved states with an auditable action trail.
Handoff output
CERT handoff packs can include safe kit weakness notes, graph context, provenance, confidence, evidence references, redaction status and export files.
How PhishNet uses this
Inside PhishNet this topic is treated as operational graph context: observations are linked to sources, evidence, Belgian relevance, confirmation state, liveness, campaigns and exports. Public pages explain the method; authenticated users can pivot into the full platform workflow when a signal needs investigation or handoff.
Selected sources and research
These pages combine PhishNet platform knowledge with public research, official Belgian sources and open OSINT documentation.
Common questions
What makes evidence ready?
Evidence is ready when enough artifacts, provenance, timestamps and confidence exist to support analyst action or external handoff.
Does the public site expose raw IOCs?
No. Public pages redact dangerous indicators; authenticated platform users can see operational indicators according to role and policy.