The Evolution of Expressing and Exchanging Cyber-investigation Information in a Standardized Form

Published

Author(s)

Eoghan Casey, Sean Barnum, Ryan Griffith, Jonathan Snyder, Harm van Beek, Alexander J. Nelson

Abstract

This paper describes the evolution of a community-developed, standardized specification language for representing and exchanging information in the broadest possible range of cyber-investigation domains, including digital forensic science, incident response, and counter terrorism. A primary motivation for this community-driven initiative is interoperability: to enable the exchange of cyber-investigation information between tools, organizations, and countries. The CASE (Cyber-investigation Analysis Standard Expression) specification language and UCO (Unified Cyber Ontology) are a rational progression from the foundational work on Digital Forensic Analysis eXpression (DFAX), which focused on digital forensic information and provenance context. This paper provides a brief history of CASE and UCO, followed by an overview of the ontology and specification language.

Citation

Handling and Exchanging Electronic Evidence Across Europe

Volume

39

Publisher Info

Springer-Verlag New York, Inc., New York, NY

Keywords

cyber investigations, interchange language

Citation

Casey, E., Barnum, S., Griffith, R., Snyder, J., van Beek, H. and Nelson, A. (2018), The Evolution of Expressing and Exchanging Cyber-investigation Information in a Standardized Form, Handling and Exchanging Electronic Evidence Across Europe, Springer-Verlag New York, Inc., New York, NY, [online], https://doi.org/10.1007/978-3-319-74872-6, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=922815 (Accessed October 9, 2025)

Created July 9, 2018, Updated October 12, 2021