2018 | Original Paper | Book Chapter

4. The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form

Authors: Eoghan Casey, Sean Barnum, Ryan Griffith, Jonathan Snyder, Harm van Beek, Alex Nelson

Published in: Handling and Exchanging Electronic Evidence Across Europe

Publisher: Springer International Publishing

Abstract

The growing number of investigations involving digital traces from various data sources is driving the demand for a standard way to represent and exchange pertinent information. Enabling automated combination and correlation of cyber-investigation information from multiple systems or organizations allows more efficient and comprehensive analysis, reducing the risk of mistakes and missed opportunities. These needs are being met by the evolving open-source, community-developed specification language called CASE, the Cyber-investigation Analysis Standard Expression. CASE leverages the Unified Cyber Ontology (UCO), which abstracts and expresses concepts that are common across multiple domains. This paper introduces CASE and UCO, explaining how they improve upon prior related work. The value of fully structured data, of representing provenance, and of action lifecycles is discussed. The guiding principles of CASE and UCO are presented, and illustrative examples of CASE are provided using the default JSON-LD serialization.


Footnotes

1. For more technical details, design decisions, and comprehensive examples, see Casey et al. (2017).

3. Linkage blindness is a term coined by criminologist Steve Egger in the context of serial homicides to describe the failure to recognize a pattern that links one crime to another, such as crimes committed by the same offender in different jurisdictions (Egger, 1984).

4. Duck typing allows data to be defined by its inherent characteristics rather than by enforcing strict data typing. CASE objects can be assigned any rational combination of property bundles, such as a file that is both an image and a thumbnail. When employing this approach, data types are evaluated with the duck test. Simply stated, if it walks like a duck, swims like a duck, quacks like a duck, and looks like a duck, then it probably is a duck.
References

Brady O, Overill R, Keppens J (2015) DESO: addressing volume and variety in large-scale criminal cases. J Digit Investig 15:72–82
Casey E (2013) Reinforcing the scientific method in digital investigations using a case-based reasoning (CBR) system. PhD Dissertation, University College Dublin
Casey E, Back G, Barnum S (2015) Leveraging CybOX to standardize representation and exchange of digital forensic information. In: Proceedings of the 2nd annual DFRWS EU conference. Digital Investigation, vol 12(1)
Casey E, Barnum S, Griffith R, Snyder J, Beek H, Nelson A (2017) Advancing coordinated cyber-investigations and tool interoperability using a community developed specification language. J Digit Investig 22:14–45
Casey E, Biasiotti MA, Turchi F (2017) Using standardization and ontology to enhance data protection and intelligent analysis of electronic evidence. In: Proceedings of discovery of electronically stored information workshop (DESI VII), ICAIL 2017. Available at https://www.umiacs.umd.edu/~oard/desi7
Cosic J, Baca M (2015) Leveraging DEMF to ensure and represent 5ws&1h in digital forensic domain. Int J Comput Sci 13(2):7–10
Egger SA (1984) A working definition of serial murder and the reduction of linkage blindness. J Police Sci Admin 12(3):348–357
Garfinkel SL (2009) Automating disk forensic processing with SleuthKit, XML and Python. In: Proceedings of systematic approaches to digital forensics engineering (IEEE/SADFE 2009), Oakland, CA
Garfinkel SL (2012) Digital forensics XML and the DFXML toolset. J Digit Investig 8:161–174
Lanthaler M, Gütl C (2012) On using JSON-LD to create evolvable RESTful services. In: Proceedings of the 3rd international workshop on RESTful design (WS-REST 2012) at WWW2012, Lyon. ACM, New York, pp 25–32
Margot P (2011) Forensic science on trial - what is the law of the land? Aust J Forensic Sci 43(2–3):89–103
Nelson AJ, Steggall EQ, Long DDE (2014) Cooperative mode: comparative storage metadata verification applied to the Xbox 360. In: Proceedings of the 14th annual DFRWS USA conference. J Digit Investig, vol 11(1)
Office of the Director of National Intelligence (2017) XML data encoding specification for intelligence document and media exploitation. https://www.dni.gov/index.php/about/organization/chief-information-officer/information-security-marking-access?id=1204. Accessed 15 Mar 2017
Turnbull B, Randhawab S (2015) Automated event and social network extraction from digital evidence sources with ontological mapping. J Digit Investig 13:94–106
van Baar RB, van Beek HMA, van Eijk EJ (2014) Digital forensics as a service: a game changer. In: Proceedings of the 1st annual DFRWS EU conference. J Digit Investig, vol 11(S1):S1–S120
van Beek HMA, van Eijk EJ, van Baar RB, Ugen M, Bodde JNC, Siemelink AJ (2015) Digital forensics as a service: game on. J Digit Investig (Special Issue on Big Data and Intelligent Data Analysis) 15:20–38
Metadata

Title: The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form
Authors: Eoghan Casey, Sean Barnum, Ryan Griffith, Jonathan Snyder, Harm van Beek, Alex Nelson
Copyright year: 2018
DOI: https://doi.org/10.1007/978-3-319-74872-6_4