There’s been some great work done that could help you out:
DeepLow’s post on setting up a Provisioning Auditing Environment:
- VPN Proxy Qube: Deals with connectivity
- Analysis Qube: Analyze and compile all the data. Inter team communications on a vm
- Antarctica DispVM: Safe space for viewing sketchy stuff. Non networked disposable vm.
- Network Recon Cube: Use inter-qube communication to move recon data into Analysis Qube
Joshua Thayer’s work on the integrated SecureDrop Workstation (SDW), that includes using SplitGPS to download and transfer documents to an offline domain.
Freedom of the Press Foundation (Who’s partnered with Qubes) has developed “DangerZone” for converting worrisome documents (not sure if they were inspired by Top Gun or Archer on the name).