Knogin
[Developers]

Case Domain

A major fraud investigation spans 18 months, involves 12 investigators across three units, produces 6,000 evidence items, and results in a prosecution brief that must withstand defence scrutiny at every procedural step.

Back to All Modules
Category: Api DomainsLast Updated: Feb 5, 2026
api-domainsaiblockchain

Overview#

A major fraud investigation spans 18 months, involves 12 investigators across three units, produces 6,000 evidence items, and results in a prosecution brief that must withstand defence scrutiny at every procedural step. Managing that scale of work across emails, shared drives, and spreadsheets is not just inefficient, it actively creates risk. Evidence goes missing. Approval chains break. Chain of custody fails court scrutiny.

The Case domain provides the structured environment that complex investigations require: a 21-stage workflow state machine, complete evidence management, role-based team collaboration, court-ready exports, and hash-chained audit logs that make every action in the investigation defensible.

Key Features#

  • Full case lifecycle management with 21-stage workflow state machine and approval gates.
  • Evidence management with chain of custody, integrity verification, and evidence linking.
  • Team collaboration with role-based permissions (lead, investigator, analyst, reviewer, supervisor, legal counsel, observer).
  • Document management with version control, folder hierarchy, and checksum validation.
  • Advanced full-text search with faceting, saved templates, and relevance scoring.
  • Task automation with event-driven rules engine and conditional logic.
  • Bulk operations for batch updates, transitions, and exports.
  • Court-ready exports with PDF/A, digital signatures, Bates stamping, and RFC-3161 timestamps.
  • Hash-chained immutable audit logs for evidence integrity.
  • AI-generated case synopses and prosecution confidence scoring.

Use Cases#

Law enforcement investigation units manage complex multi-phase investigations from intake through prosecution, with the 21-stage workflow ensuring every required step is completed and signed off before a case moves forward.

Fraud investigation teams at financial institutions maintain court-admissible evidence with verifiable chain of custody across thousands of documents, producing Bates-stamped disclosure bundles that defence teams cannot challenge on procedural grounds.

Multi-agency investigation teams coordinate work across organisations using role-based access that gives each participant visibility appropriate to their function, without exposing the full case to parties who should not have it.

Crown Prosecution Service and district attorney offices generate court-ready disclosure bundles with Bates numbering, digital signatures, and RFC-3161 timestamps directly from the case record, eliminating the manual document preparation step that traditionally precedes filing.

Integration#

Integrates with investigation, evidence, notification, and export domains. Supports multi-database persistence with graph-based relationship queries for complex case analytics.

Open Standards#

  • RFC 3161 (Internet X.509 PKI Time-Stamp Protocol): Court-ready exports attach a Time-Stamp Authority token (tsa_token, tsa_url, tsa_timestamp) so that the exact moment of export is cryptographically provable and cannot be backdated.
  • ISO/IEC 19005 (PDF/A): Disclosure bundles and case exports can be produced in the PDF/A archival format, ensuring long-term readability without reliance on external fonts, colour profiles, or encryption.
  • FIPS 180-4 (SHA-256): All evidence integrity hashes, document checksums, audit-chain event hashes, and disclosure-bundle manifests are computed with SHA-256; comparisons use constant-time evaluation per OWASP ASVS V6.2.8 to prevent timing attacks.
  • ISO/IEC 18004:2024 (QR Code): Exhibit labels carry ISO/IEC 18004-compliant QR codes with configurable error-correction levels (L/M/Q/H), enabling physical evidence items to be scanned directly back to their digital case record.
  • OASIS STIX 2.1: Cases can be exported in STIX 2.1 format, allowing structured threat and investigation data to be shared with threat-intelligence platforms and partner agencies via the standard object model.
  • EDRM (Electronic Discovery Reference Model): Exports support the EDRM profile, producing disclosure bundles whose structure is compatible with e-discovery workflows used by legal teams and courts in common-law jurisdictions.
  • GraphQL: The entire case API is exposed over a typed GraphQL schema, covering queries, mutations, and subscriptions for case management, evidence, documents, bulk operations, and task automation.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.