Skip to content

[ MESH ]

Warning

Please be aware this project is currently in public alpha. We take security seriously, and we recommend not using this in production till we have conducted a full penetration-test. This is scheduled at the start of 2026. Features and APIs may change. Please report issues on GitHub.

MESH is a censorship-resisting, peer-to-peer first, end-to-end encrypted overlay network for digital forensics. It's a fork of the Tailscale protocol, but is self-hostable and heavily modified for civil society and forensic operations.

Key features:

  • Censorship resistance - Uses AmneziaWG obfuscation for hostile or censored networks, and falls back to encrypted HTTPS relays when UDP is blocked. This offers protection against the GFW and detection by Deep Packet Inspection (DPI) systems.
  • Peer-to-peer connections - Creates direct encrypted tunnels between devices, removing the need for hub-and-spoke topologies
  • Rapid deployment - Spin up a forensics mesh, collect data, tear it down, and start again in minutes without complex configuration

What you can do with MESH:

  • Remote Android forensics - Connect to Android devices anywhere in the world via ADB-over-WiFi
  • Automated spyware detection - Integrates with AndroidQF and MVT for IOC checks
  • Network monitoring - Capture network traffic (PCAP) from remote devices
  • Secure data transfer - Collect forensic artifacts like bug reports and system dumps over encrypted connections
  • Team collaboration - Multiple analysts can work on different devices through the same secure network
  • Quick setup and teardown - Create investigation networks in minutes, tear them down when done

Mesh networking, made for remote mobile forensics

  • MESH networking

    Discover why using a MESH network is a powerful way to build secure ephemeral remote forensic networks for threat analysis and forensics

    View features

  • Architecture

    Learn about the three core components that power MESH

    Explore architecture

  • Use cases

    See how MESH helps investigators in real-world scenarios

    Read use cases

  • Platform support

    Check which platforms are supported and what's coming next

    View platforms

Quick start

Ready to get started? Follow our step-by-step guide:

  • Getting started guide

    Complete setup guide from zero to your first forensic collection

    Start here

Or jump directly to a specific component:

  1. Set up the control plane - Deploy your self-hosted coordination server
  2. Install the analyst client - Set up your Linux/macOS forensic workstation
  3. Deploy the endpoint client - Install the MESH app on target devices
  4. Verify your setup - Test connectivity and run your first collection

Learn more

Documentation

About the project