Cyber-investigation Analysis Standard Expression (CASE) is an evolving, community-developed standard intended to serve the needs of the broadest possible range of cyber-investigation domains, including digital forensic science, incident response, counter-terrorism, criminal justice, forensic intelligence and situational awareness. For large data files such as forensic duplicates of hard drives or collected network traffic, CASE references the large file rather than storing it, and describes how to extract specific information from it. The primary motivation for CASE is interoperability: advancing the exchange of cyber-investigation information between tools and organizations. CASE aligns with and extends the Unified Cyber Ontology (UCO).
The EVIDENCE2eCODEX Project is working on transferring information (electronic evidence) in CASE format between European countries over the secure e-CODEX infrastructure and is one of CASE's first implementation examples.
Follow the CASE Community online to better understand the standard and its capabilities. The purpose of these online resources is to provide a foundation for broader community involvement in defining what to represent and how.