Getting Started: just the basics

About CASE

Cyber-investigation Analysis Standard Expression (CASE) supports cyber-investigations in any context, including criminal, corporate and intelligence. In cyber-investigations, the primary observable object being analyzed is characterized by associated Facets.

CASE uses Facets to represent various attributes of the associated Observable Object, including data sources (mobile devices, storage media, memory) and well-known digital objects such as files and folders, messages (email, chat), documents (PDF, Word), multimedia (pictures, video, audio) and logs (browser history, events).

CASE is an extension of the Unified Cyber Ontology (UCO), which defines classes of cyber objects (e.g., items, tools, people, places), their relations to other cyber objects, the provenance of items, and actions taken in an action life-cycle. The CASE domain of discourse is "investigation", concentrating on Observable Objects and their associated Facets, whereas UCO serves as an ontological foundation for modeling the broader cyber-domain, treating observable cyber-items and their associated facets more generally.

Use cases include:

The project roadmap, updated quarterly as progress is made, is viewable here.


You do not need to know everything about the ontology if you are focused on domain-specific ontology refinement, or on mapping/adoption for a specific tool. Determine your scope below, then read the pertinent guide to understand the details, organization, and workflow of participating in the CASE community in that role.

If you are not familiar with ontologies, the Ontology Components Wikipedia page, OWL2 primer, and Ontology 101 document will help build a conceptual foundation. That foundation enables better communication with the community/teams and clarifies how the parts connect: the ontology's specification (structure/design), its content (vocabulary, encoded in Turtle or other formats), and the Python API (usage of the defined vocabulary to create validated objects for import/export into JSON-LD).

Request to join the CASE Community by visiting the Membership Application page. At your request, you will be added to the respective GitHub Teams, Mailing Lists and additional resources.


  • Have a deep understanding of the goals of CASE and how representing information differently best achieves them
  • Collaborate with individuals/organizations who have domain-specific knowledge to draft proposals
  • Create and review GitHub issues to propose ontology changes to the objects/properties in the Natural Language Glossary based on gaps, ambiguities, and improvements noted by Mappers. To learn more about proposals and voting, please see the Community Charter.


  • Have an understanding of which CASE objects should be used to represent which types of information, and consult Ontologists when unsure
  • Collaborate with Adopters to note inadequacies for Ontologists to review
  • Map internal/proprietary objects from Adopters' tools to the correct CASE objects (while guiding namespace usage)
  • Create GitHub issues for inadequacies so that CASE community discussion can occur (and continue until possible options are identified for representing the data, at which point a proposal is put forth by the Ontologists team)


  • Have an understanding of their use cases
  • Collaborate with Mappers to map objects in their tools to CASE objects
  • Integrate the CASE API into their tool
  • Create GitHub issues for bugs in the CASE API and supporting tools, or for issues that are tool-specific
  • Participate in discussions on GitHub issues concerning data representation as CASE community members
  • If a member of your organization is contributing to CASE ontology development because of domain-specific knowledge, they should do so by emailing to join the Ontologists team, or by discussing one-on-one so that Ontologists and Mappers can shepherd the concept through (only Mappers or Ontologists should create GitHub issues for something that is not tool-specific)


  • Core/active members should have read the above to understand roles and workflow organization. However, to simply add your two cents to ontology evolution, please visit the Issues tab and filter on the Community-FeedbackNeeded and Community-Vote labels (all labels can be found here)

see CASE in action

contribute, report issues, ask a question


learn more about community officials

legal use of CASE

Apache 2.0