The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form

Details

Resource 1 Download: 922815.pdf (2818.96 [KB])
Status: Public
Version: author's version
Serval ID
serval:BIB_CECAA8060AC5
Type
Book section
Subtype
Chapter: chapter or section
Collection
Publications
Institution
Title
The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form
Book title
Law, Governance and Technology Series
Authors
Casey Eoghan, Barnum Sean, Griffith Ryan, Snyder Jonathan, van Beek Harm, Nelson Alex
Publisher
Springer International Publishing
ISBN
9783319748719
9783319748726
ISSN
2352-1902
2352-1910
Publication status
Published
Publication date
2018
Pages
43-58
Language
English
Notes
in Handling and Exchanging Electronic Evidence Across Europe
Abstract
The growing number of investigations involving digital traces from various data sources is driving the demand for a standard way to represent and exchange pertinent information. Enabling automated combination and correlation of cyber-investigation information from multiple systems or organizations enables more efficient and comprehensive analysis, reducing the risk of mistakes and missed opportunities. These needs are being met by the evolving open-source, community-developed specification language called CASE, the Cyber-investigation Analysis Standard Expression. CASE leverages the Unified Cyber Ontology (UCO), which abstracts and expresses concepts that are common across multiple domains. This paper introduces CASE and UCO, explaining how they improve upon prior related work. The value of fully-structured data, representing provenance, and action lifecycles are discussed. The guiding principles of CASE and UCO are presented, and illustrative examples of CASE are provided using the default JSON-LD serialization.
Publisher's website
Record created
15/01/2019 21:46
Record last modified
21/08/2019 7:10