Motivation

This paper describes the evolution of a community-developed, standardized specification language for representing and exchanging information in the broadest possible range of cyber-investigation domains, including digital forensic science, incident response, and counterterrorism. This initiative was originally called the Digital Forensic Analysis eXpression (DFAX), which has evolved into the Cyber-investigation Analysis Standard Expression (CASE). These standardization efforts include development of the Unified Cyber Ontology (UCO) to provide the scaffolding necessary to satisfy the requirements of a wide range of use cases in multiple specializations. A primary motivation for this community-driven initiative is interoperability: to enable the exchange of cyber-investigation information between tools, organizations, and countries. The CASE specification language and UCO ontology are a rational progression from the foundational work on DFAX, which focused on digital forensic information and provenance context (Casey, Back, Barnum, 2015).

"When investigating a single incident, being able to combine the results from multiple tools that are used to extract information from the digital evidence supports forensic reconstruction, including timeline creation and link analysis. In addition, being able to automate the comparison of similar results from multiple tools facilitates dual-tool verification. When crime spans borders, sharing of information between investigative agencies is crucial for a successful resolution. A fundamental requirement in digital forensics is to maintain information about evidence provenance as it is exchanged and processed, to help establish authenticity and trustworthiness. Furthermore, without a standardized approach to representing and sharing digital forensic information, investigators in different jurisdictions may never know that they are investigating crimes committed by the same criminal."