The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form

Casey, Eoghan; Barnum, Sean; Griffith, Ryan; Snyder, Jonathan; Beek, H.M.A. van; Nelson, Alexander J.

doi:10.1007/978-3-319-74872-6_4

Cited by 7 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Few approaches exist for representing and exchanging cyber-investigation data when combining data sources from diverse organizations or dealing with large amounts of data from multiple tools. Casey et al [ 31 ] used an open community-developed specification language called Cyber-Investigation Analysis Standard Expression (CASE) to address this need for information exchange and tool interoperability. The outcome demonstrated a proof-of-concept Application Program Interface (API) to facilitate CASE tool implementation.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Multi-Layer Semantic Approach for Digital Forensics Automation for Online Social Networks

Arshad

Abdullah

Alawida

et al. 2022

Sensors

View full text Add to dashboard Cite

Currently, law enforcement and legal consultants are heavily utilizing social media platforms to easily access data associated with the preparators of illegitimate events. However, accessing this publicly available information for legal use is technically challenging and legally intricate due to heterogeneous and unstructured data and privacy laws, thus generating massive workloads of cognitively demanding cases for investigators. Therefore, it is critical to develop solutions and tools that can assist investigators in their work and decision making. Automating digital forensics is not exclusively a technical problem; the technical issues are always coupled with privacy and legal matters. Here, we introduce a multi-layer automation approach that addresses the automation issues from collection to evidence analysis in online social network forensics. Finally, we propose a set of analysis operators based on domain correlations. These operators can be embedded in software tools to help the investigators draw realistic conclusions. These operators are implemented using Twitter ontology and tested through a case study. This study describes a proof-of-concept approach for forensic automation on online social networks.

show abstract

Section: Related Workmentioning

confidence: 99%

“…The outcome demonstrated a proof-of-concept Application Program Interface (API) to facilitate CASE tool implementation. Thus, community members can develop and implement CASE and the Unified Cyber Ontology (UCO) [ 31 ]. However, these approaches are focused on unifying and structuring the evidence data for exchange purposes.…”

Section: Related Workmentioning

confidence: 99%

A Multi-Layer Semantic Approach for Digital Forensics Automation for Online Social Networks

Arshad

Abdullah

Alawida

et al. 2022

Sensors

View full text Add to dashboard Cite

show abstract

“…Indeed AI techniques could potentially assist any time there is a need to correlate data from multiple sources, either from multiple suspects, devices or cases. Non-AI based efforts such as standard form of representations, e.g., CASE [18] will be critical for such efforts.…”

Section: Future Directionsmentioning

confidence: 99%

SoK

Hargreaves

Sheppard

et al. 2020

Proceedings of the 15th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Multi-year digital forensic backlogs have become commonplace in law enforcement agencies throughout the globe. Digital forensic investigators are overloaded with the volume of cases requiring their expertise compounded by the volume of data to be processed. Artificial intelligence is often seen as the solution to many big data problems. This paper summarises existing artificial intelligence based tools and approaches in digital forensics. Automated evidence processing leveraging artificial intelligence based techniques shows great promise in expediting the digital forensic analysis process while increasing case processing capacities. For each application of artificial intelligence highlighted, a number of current challenges and future potential impact is discussed.

show abstract

“…The CASE framework and its compatibility with the underlying Unified Cyber Ontology (UCO) [29] are based on years long effort for enabling open ICT ecosystems in different security domains and the development of knowledge-based tools 6 .…”

Section: III Semantic Interoperability: Case and Wandamentioning

confidence: 99%

Standard Representation for Digital Forensic Processing

Stoykova

Franke

2020

2020 13th International Conference on Systematic Approaches to Digital Forensic Engineering (SADFE)

View full text Add to dashboard Cite

This paper discusses the lack of reliability and reproducibility validation in digital forensics for a criminal trial. It is argued that this challenge can be addressed with standard data-representation for digital evidence. The representation must include reproducibility documentation on processing operations including automation, human interaction, and investigation steps. Analyzed are two blueprint articlesthe CASE specification language for cyber-investigations [1] and the WANDA data standard for the documenting semi-automated hand-writing examination [2]. These two generic frameworks are studied for their granularity to support reproducibility testing by representing: (i) artefact characteristics, forensictool parameters and input -output logic; (ii) human and tool data interpretation; and (iii) parallel-running forensic tasks or chains of processes. Proposed is the integration of WANDA-based schema as CASE expression. The utility of such integration is demonstrated as a new module in CASE designed to meet the high standard of proof and scientific validation typically required in criminal investigations and trials. The expression ensures compliance without overburdening digital forensic practitioners.

show abstract

The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form

Cited by 7 publications

References 10 publications

A Multi-Layer Semantic Approach for Digital Forensics Automation for Online Social Networks

A Multi-Layer Semantic Approach for Digital Forensics Automation for Online Social Networks

SoK

Standard Representation for Digital Forensic Processing

Contact Info

Product

Resources

About