Cyber-investigation Analysis Standard Expression (CASE)

Read the CASE Wiki tab to learn everything you need to know about the Cyber-investigation Analysis Standard Expression (CASE) ontology. For learning about the Unified Cyber Ontology, CASE's parent, see UCO.



  1. python install
  2. Import and into the file you plan to implement CASE. &

The Natural Language Glossary (NLG) is an alphabetical list of types of CASE classes (categories of CASE types). The functions in create CASE objects (instances of such types) while automatically checking ontology and type. The API ( could be used directly to create non-typed objects if ontology and type checking are not requirements. However, we advise against this to maintain consistency across community usage of the ontology.

Note that different versions of the NLG exist for different realizations of the Unified Cyber Ontology. The human legible NLG corresponding to this version of CASE (one realization of UCO) can be found here:

The API wraps RDFLib for a JSON-LD schematic. This verison is only directly adoptable via Python but JSON-LD is also supported in Javascript, PHP, Ruby, Java, C#, and Go.


The example folder contains a slimmed down NLG, for an understanding of some of the basic function variations that exist, as well as a template for all types of conditions checked by the NLG functions.

NLG Autogeneration (only for CASE team to manage API)

Note that currently the script will not function properly because v0.1.0 of CASE does not have a cardinality field for each object and property. When this is added the script will be stable and in the outputs folder will not have missing body checks.

Dependency: Ontospy

When CASE's base specification (Turtle files) changes this script can be used to automatically regenerate the functions for the next release. Therefore, this should only be run by the CASE team - eventually it will move to a new (possibly backend) repo where a CI/CD framework is placed.

To run Ontospy must be installed, and the Turtle files combined into one. Then run python <path-to-turtle-file>. (Note there is a ToDo list in the file so that it can align with changes that may occur in the API, as well as other add new features such as better CLI flags, a CSV export of all object names and properties for the Ontologists and Mappers teams to use for quick reference, etc.)

I have a question!

Before you post a Github issue or send an email ensure you've done this checklist:

  1. Determined scope of your task. It is not necessary for most parties to understand all aspects of the ontology, mapping methods, and supporting tools.

  2. Familiarize yourself with the labels and search the Issues tab. Typically, only light-blue and red labels should be used by non-admin Github users while the others should be used by CASE Github admins. All but the red Project labels are found in every casework repository.