Cyber-investigation Analysis Standard Expression (CASE) is a community-developed, evolving standard intended to serve the needs of the broadest possible range of cyber-investigation domains, including digital forensic science, incident response, counter-terrorism, criminal justice, forensic intelligence and situational awareness.
Following the launch of the CASE Community website, a special CASE Specification Workshop was held on 25-27 June 2019 in Rockville, MD 20850, United States. The three-day event was dedicated to:
clarifying the differences between an ontology and a data model, and examining illustrative examples of CASE/UCO from both an ontology viewpoint and an operational perspective;
defining conceptual deliverables and supporting documentation and tools for CASE version 1.0;
defining operational procedures and the use of supporting (online) tools.
Another specific goal of the workshop was to collect milestones for the road map to version 1.0. By the end of the workshop, it was to be decided whether CASE needs to be a formal ontology covering multiple domains or simply a common data model for cyber-investigations. Validation of the current concepts, and an understanding of how to advance to version 1.0 both methodically and operationally, were also envisaged.
The EVIDENCE2e-CODEX Project is working on transferring information (electronic evidence) in CASE format between European countries over the secure e-CODEX infrastructure and is one of CASE's first implementation examples. The project's technical team presented the lessons learned from their ontology efforts in both the EVIDENCE (2014-2016) and EVIDENCE2e-CODEX (2018-2020) projects.