Cyber-investigation Analysis Standard Expression (CASE)

Read the Wiki tab to learn everything you need to know about the Cyber-investigation Analysis Standard Expression (CASE) ontology. For learning about the Unified Cyber Ontology, CASE's parent, see UCO.

Examples in this Repository

These will eventually be moved to the Wiki (likely Mapping Guide). Mapping notes & respective JSON-LD output:

- Bulk Extractor Forensic Path (info)
- Call Log
- Device
- Email
- EXIF Data
- Files (info)
- Forensic Lifecycle
- Location
- Message
- Multipart File (info)
- Oresteia (info)
- Raw Data
- Reconstructed File (info)
- SMS and Contacts

I have a question!

Before you post a GitHub issue or send an email, make sure you have gone through this checklist:

  1. Determine the scope of your task. It is not necessary for most parties to understand all aspects of the ontology, mapping methods, and supporting tools.

  2. Familiarize yourself with the labels and search the Issues tab. Typically, only light-blue and red labels should be used by non-admin GitHub users, while the others should be used by CASE GitHub admins. All but the red Project labels are found in every casework repository.