The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form
Details
Download: 922815.pdf (2818.96 [Ko])
State: Public
Version: author
State: Public
Version: author
Serval ID
serval:BIB_CECAA8060AC5
Type
A part of a book
Publication sub-type
Chapter: chapter ou part
Collection
Publications
Institution
Title
The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form
Title of the book
Law, Governance and Technology Series
Publisher
Springer International Publishing
ISBN
9783319748719
9783319748726
9783319748726
ISSN
2352-1902
2352-1910
2352-1910
Publication state
Published
Issued date
2018
Pages
43-58
Language
english
Notes
in Handling and Exchanging Electronic Evidence Across Europe
Abstract
The growing number of investigations involving digital traces from various data sources is driving the demand for a standard way to represent and exchange pertinent information. Enabling automated combination and correlation of cyber-investigation information from multiple systems or organizations enables more efficient and comprehensive analysis, reducing the risk of mistakes and missed opportunities. These needs are being met by the evolving open-source, community-developed specification language called CASE, the Cyber-investigation Analysis Standard Expression. CASE leverages the Unified Cyber Ontology (UCO), which abstracts and expresses concepts that are common across multiple domains. This paper introduces CASE and UCO, explaining how they improve upon prior related work. The value of fully-structured data, representing provenance, and action lifecycles are discussed. The guiding principles of CASE and UCO are presented, and illustrative examples of CASE are provided using the default JSON-LD serialization.
Publisher's website
Create date
15/01/2019 20:46
Last modification date
21/08/2019 6:10