Authors: Cory Hall, CASE
DFRWS USA 2020
Time: 4 hours
Digital investigations are complex undertakings that collect and analyze information from a diverse range of sources, and in this complexity, defensible findings are often hard to produce. As a community, we use various tools and information sources that offer different and overlapping capabilities, and we manually combine findings from these tools and sources in an effort to develop a full understanding of the digital evidence at hand. Our community needs a standard way to achieve integrated information interoperability regardless of the type of investigation, the authority of the investigator, the tool or source used, or the jurisdiction in which the investigator is located. Interoperability allows not only for the correlation of data between forensic tools, but also for us to augment our cases with additional resources such as Project VIC and other tertiary contextual information resources.
To achieve this, a cross-section of leaders in our community established the Cyber-investigation Analysis Standard Expression (CASE) and Unified Cyber Ontology (UCO) communities to create this standard approach. Join leaders from these open source communities as they present these coordinated projects and applicable use cases that will help all of us interoperate better in the future: allowing our tools to work together, incorporating additional sources of information, and enabling better analysis through the sharing and movement of data across the investigation lifecycle. Join us at https://caseontology.org to start contributing towards these standards. At the end of the workshop, attendees will be able to navigate to and understand the online resources provided by both communities for data-model-to-ontology mapping, adoption methodology, and several use cases. They will be given the chance to join the open source efforts if they so choose.