Authors: Eoghan Casey and Alex Nelson

DFRWS USA 2022

Abstract

CASE (Cyber-investigation Analysis Standard Expression) has gained momentum under the Linux Foundation’s Cyber Domain Ontology project series, and is launching version 1.0.0 in August 2022. Participants in this workshop will learn how to map their data into CASE, develop competency questions for test results, perform validation using SHACL (Shapes Constraint Language), and socialize proposals using GitHub issue templates. This workshop will have interactive participation by attendees with detailed CASE studies of specific tools, including mapping, validation, and customization. Participants will also be introduced to ontology development practices to create a culture of common comprehension and collaborative problem solving with other members of the digital forensic community. This workshop will also explore CASE-Corpora, a community index of available datasets used for testing digital forensic tools and human examiner proficiency.

Bios

Dr. Eoghan Casey teaches and conducts research at the School of Criminal Sciences at the University of Lausanne and serves in a strategic leadership role at the DoD Cyber Crime Center (DC3). He is responsible for innovation, enhancing capabilities, strategic collaborations, and advancing standards and practices related to digital forensic science, malware analysis, and cyber threat intelligence (CTI). Dr. Casey has extensive experience working in digital forensic laboratories in the public and private sectors, and he has analyzed many types of digital evidence to support complex cases. He has contributed to the development of advanced capabilities for extracting, analyzing, and interpreting digital evidence: Artifact Catalog, SQLite Dissect, and Advanced Carver (Patent no. 16/014067). He has consulted globally with many attorneys, agencies, and police departments on a wide range of digital investigations, and he has helped organizations investigate and recover from severe security breaches, including network intrusions with international scope. Dr. Casey has delivered expert testimony in civil and criminal matters in the United States, Canada, and international tribunals. He has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases. Dr. Casey wrote the foundational book Digital Evidence and Computer Crime, now in its third edition, and he created advanced smartphone forensics courses taught worldwide. He has also coauthored several advanced technical books, including Malware Forensics and the Handbook of Digital Forensics and Investigation. From 2004 to 2020, he was Editor-in-Chief of FSI Digital Investigation, publishing cutting-edge work by and for practitioners and researchers. He co-founded an international community initiative, now under the Linux Foundation, to develop and implement the open source Cyber-investigation Analysis Standard Expression (CASE).
He serves on the Digital Forensic Research Workshop (DFRWS) Board of Directors.

Dr. Alex Nelson is a Computer Scientist at NIST, working on research in security automation and contributing to the National Vulnerability Database. Dr. Nelson has a dual B.A./B.S. in Mathematics and Computer Science from The Evergreen State College, and an M.S. and Ph.D. in Computer Science from the University of California, Santa Cruz. Dr. Nelson’s research emphasizes foundational measurability of digital forensic processes. Dr. Nelson was the inaugural CASE Ontology Committee Chair, is currently the Ontology Committee Chair for the Unified Cyber Ontology and Vice-Chair of the Technical Steering Committee for the Cyber Domain Ontology Project, and is Conference Chair of DFRWS-USA 2022.

Note

Users will benefit from having Python 3 on their system. Administrator privileges will not otherwise be required.
Users may benefit from having a Linux or Mac CLI available, e.g. being able to run ‘ls’ and ‘make’. A compiler will not be necessary.
