Cyber-investigation Analysis Standard Expression (CASE)
Read the CASE Wiki tab to learn everything you need to know about the Cyber-investigation Analysis Standard Expression (CASE) ontology. For learning about the Unified Cyber Ontology, CASE's parent, see UCO.
CASE Plaso implementation
Note: this proof of concept is not ontology-correct. It does, however, attempt to adhere to v0.1.0 of CASE.
This is an implementation that exports Plaso storage files into an RDF graph following the CASE ontology.
Install the CASE Python API:

git clone https://github.com/casework/CASE-Python-API.git
pip install ./CASE-Python-API

Then clone this repository and install its requirements:

git clone https://github.com/casework/CASE-Plaso-Implementation.git
cd CASE-Plaso-Implementation
pip install -r requirements.txt
Pass the storage file created by the log2timeline tool to the case_plaso_export.py script, giving the output file name and the serialization format:

python case_plaso_export.py myimage.bin.plaso output.json --format json-ld
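After an export it is worth checking that the JSON-LD actually loads and is self-consistent before handing it to a triple store or a downstream analysis tool. The script below is an added example, not code from CASE-Plaso-Implementation: it parses a JSON-LD document, expands compact type IRIs through the `@context`, tallies nodes by type, and reports any node reference (`{"@id": ...}`) that points at an `@id` missing from the graph. It assumes only the generic JSON-LD layout (`@context`, `@graph`, nodes with `@id`/`@type`). The embedded sample document, the `ex:` prefix, its IRI and the property names are constructed placeholders, not the project's real output vocabulary.

```python
"""Sanity-check a JSON-LD export (added example, not project code).

Assumes the generic JSON-LD named-graph shape only. The sample below is
constructed for illustration; the `ex:` namespace and property names are
placeholders rather than the CASE vocabulary.
"""
import json
from collections import Counter

# Constructed stand-in for output.json. Node `ex:event-2` deliberately
# references an object that is not in the graph so the check has something
# to find.
SAMPLE_JSONLD = """
{
  "@context": {
    "ex": "http://example.org/case-demo#",
    "rdfs": "http://www.w3.org/2000/01/rdf-schema#"
  },
  "@graph": [
    {"@id": "ex:trace-1", "@type": "ex:Trace",
     "ex:hasEvent": [{"@id": "ex:event-1"}, {"@id": "ex:event-2"}]},
    {"@id": "ex:event-1", "@type": "ex:Event",
     "ex:occurredAt": "2017-01-01T00:00:00Z",
     "ex:source": {"@id": "ex:file-1"}},
    {"@id": "ex:file-1", "@type": "ex:File", "rdfs:label": "/etc/passwd"},
    {"@id": "ex:event-2", "@type": "ex:Event",
     "ex:source": {"@id": "ex:file-missing"}}
  ]
}
"""


def expand(term, context):
    """Expand a compact IRI such as 'ex:Event' using the @context prefixes.

    Terms whose prefix is not declared (including full IRIs like http://...)
    are returned unchanged.
    """
    if ":" in term:
        prefix, local = term.split(":", 1)
        base = context.get(prefix)
        if isinstance(base, str):
            return base + local
    return term


def iter_references(value):
    """Yield every @id used as a node reference inside a property value.

    A bare {"@id": ...} object is a reference; lists and nested objects are
    walked recursively.
    """
    if isinstance(value, dict):
        if "@id" in value and len(value) == 1:
            yield value["@id"]
        else:
            for inner in value.values():
                yield from iter_references(inner)
    elif isinstance(value, list):
        for inner in value:
            yield from iter_references(inner)


def check_graph(doc):
    """Return (type_counts, dangling) for a parsed JSON-LD document.

    type_counts maps expanded type IRI -> number of nodes of that type.
    dangling lists (subject_id, property, referenced_id) for references
    whose target node is absent from @graph.
    """
    context = doc.get("@context", {})
    nodes = doc.get("@graph", [])
    known_ids = {node["@id"] for node in nodes if "@id" in node}
    type_counts = Counter()
    dangling = []
    for node in nodes:
        types = node.get("@type", [])
        for type_term in (types if isinstance(types, list) else [types]):
            type_counts[expand(type_term, context)] += 1
        for prop, value in node.items():
            if prop.startswith("@"):      # skip @id / @type keywords
                continue
            for ref in iter_references(value):
                if ref not in known_ids:
                    dangling.append((node.get("@id"), prop, ref))
    return type_counts, dangling


def check_file(path):
    """Load a JSON-LD file from disk (e.g. output.json) and check it."""
    with open(path, encoding="utf-8") as fh:
        return check_graph(json.load(fh))


def check_sample():
    """Run the check over the constructed sample document."""
    return check_graph(json.loads(SAMPLE_JSONLD))


if __name__ == "__main__":
    counts, dangling = check_sample()
    for iri, count in sorted(counts.items()):
        print(f"{count:5d}  {iri}")
    for subject, prop, ref in dangling:
        print(f"dangling reference: {subject} {prop} -> {ref}")
```

Run it against a real export with `check_file("output.json")`; a non-empty `dangling` list usually means an object was referenced by the exporter but never emitted, which will surface later as an unexplained blank node or a failed join in the triple store.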
I have a question!
Before you post a GitHub issue or send an email, make sure you have gone through this checklist:
Determine the scope of your task. It is not necessary for most parties to understand all aspects of the ontology, mapping methods, and supporting tools.
Familiarize yourself with the labels and search the Issues tab. Typically, only light-blue and red labels should be used by non-admin GitHub users, while the others should be used by CASE GitHub admins. All but the red Project labels are found in every