At a meeting hosted by Europol's European Cybercrime Centre (EC3) in The Hague this week, several of the EU's leading digital forensic experts jointly called for the adoption of the Cyber-investigation Analysis Standard Expression (CASE) as a standard digital forensic format.
Cyber-investigation Analysis Standard Expression (CASE) is intended to enable standardised aggregation of results from different digital forensic software tools used to extract, parse and analyse information on a hard drive or a mobile phone.
In a press release, EC3's Forensic Lab explains that it was able to convince the vast majority of the market leaders to adopt this open-source data format for forensics, a move it describes as “a game changer in the specialised field of forensic analysis.”
CASE is a community-developed standard format, defined as a profile of the Unified Cyber Ontology (UCO). It is reported to leverage contextually relevant components of the UCO, extending, constraining or renaming them as appropriate. CASE is specified at a semantic level and supports various serialisations; its default serialisation is JSON-LD.
In its release EC3 confirms that the following organisations are currently looking into implementing the standard:
- AccessData
- Guidance Software
- I2 – IBM
- Magnet Forensics
- MOBILedit
- NetworkMiner