The Evolution of Expressing and Exchanging Cyber-investigation Information in a Standardized Form

Published: July 10, 2018

Author(s)

Eoghan Casey, Sean Barnum, Ryan Griffith, Jonathan Snyder, Harm van Beek, Alexander J. Nelson

Abstract

This paper describes the evolution of a community-developed, standardized specification language for representing and exchanging information across the broadest possible range of cyber-investigation domains, including digital forensic science, incident response, and counterterrorism. A primary motivation for this community-driven initiative is interoperability: enabling the exchange of cyber-investigation information between tools, organizations, and countries. The CASE (Cyber-investigation Analysis Standard Expression) specification language and UCO (Unified Cyber Ontology) are a natural progression from the foundational work on Digital Forensic Analysis eXpression (DFAX), which focused on digital forensic information and provenance context. This paper provides a brief history of CASE and UCO, followed by an overview of the ontology and the specification language.

Citation: Handling and Exchanging Electronic Evidence Across Europe
Volume: 39
Publisher Info: Springer-Verlag New York, Inc., New York, NY
Pub Type: Book Chapters

Keywords

cyber investigations, interchange language
Created July 10, 2018, Updated November 10, 2018