The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form


Ontology type: schema:Chapter     


Chapter Info

DATE

2018

AUTHORS

Eoghan Casey, Sean Barnum, Ryan Griffith, Jonathan Snyder, Harm van Beek, Alex Nelson

ABSTRACT

The growing number of investigations involving digital traces from various data sources is driving the demand for a standard way to represent and exchange pertinent information. Enabling automated combination and correlation of cyber-investigation information from multiple systems or organizations enables more efficient and comprehensive analysis, reducing the risk of mistakes and missed opportunities. These needs are being met by the evolving open-source, community-developed specification language called CASE, the Cyber-investigation Analysis Standard Expression. CASE leverages the Unified Cyber Ontology (UCO), which abstracts and expresses concepts that are common across multiple domains. This paper introduces CASE and UCO, explaining how they improve upon prior related work. The value of fully-structured data, representing provenance, and action lifecycles are discussed. The guiding principles of CASE and UCO are presented, and illustrative examples of CASE are provided using the default JSON-LD serialization.

PAGES

43-58

Book

TITLE

Handling and Exchanging Electronic Evidence Across Europe

ISBN

978-3-319-74871-9
978-3-319-74872-6

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-319-74872-6_4

DOI

http://dx.doi.org/10.1007/978-3-319-74872-6_4

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1105140622



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0801", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Artificial Intelligence and Image Processing", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/08", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Information and Computing Sciences", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "University of Lausanne", 
          "id": "https://www.grid.ac/institutes/grid.9851.5", 
          "name": [
            "University of Lausanne"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Casey", 
        "givenName": "Eoghan", 
        "id": "sg:person.07714254417.24", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07714254417.24"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "name": [
            "Mitre Corporation"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Barnum", 
        "givenName": "Sean", 
        "id": "sg:person.015737551453.22", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015737551453.22"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "name": [
            "Department of Defense Cyber Crime Center"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Griffith", 
        "givenName": "Ryan", 
        "id": "sg:person.010032060653.71", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010032060653.71"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "name": [
            "Department of Defense Cyber Crime Center"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Snyder", 
        "givenName": "Jonathan", 
        "id": "sg:person.010627441253.81", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010627441253.81"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Netherlands Forensic Institute", 
          "id": "https://www.grid.ac/institutes/grid.419915.1", 
          "name": [
            "Netherlands Forensic Institute"
          ], 
          "type": "Organization"
        }, 
        "familyName": "van Beek", 
        "givenName": "Harm", 
        "id": "sg:person.016100253145.04", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016100253145.04"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "National Institute of Standards and Technology", 
          "id": "https://www.grid.ac/institutes/grid.94225.38", 
          "name": [
            "National Institute of Standards and Technology"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Nelson", 
        "givenName": "Alex", 
        "id": "sg:person.013615343253.49", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013615343253.49"
        ], 
        "type": "Person"
      }
    ], 
    "citation": [
      {
        "id": "https://doi.org/10.1016/j.diin.2011.11.002", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1002824017"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.diin.2015.07.005", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1007732644"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.diin.2015.04.004", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1007951321"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1145/2307819.2307827", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1010658243"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.diin.2015.10.002", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1017995153"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.diin.2015.01.014", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1020416845"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.diin.2014.05.004", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1023080187"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1080/00450618.2011.555418", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1029027634"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.diin.2017.08.002", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1091353010"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1016/j.diin.2017.08.002", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1091353010"
        ], 
        "type": "CreativeWork"
      }, 
      {
        "id": "https://doi.org/10.1109/sadfe.2009.12", 
        "sameAs": [
          "https://app.dimensions.ai/details/publication/pub.1093186553"
        ], 
        "type": "CreativeWork"
      }
    ], 
    "datePublished": "2018", 
    "datePublishedReg": "2018-01-01", 
    "description": "The growing number of investigations involving digital traces from various data sources is driving the demand for a standard way to represent and exchange pertinent information. Enabling automated combination and correlation of cyber-investigation information from multiple systems or organizations enables more efficient and comprehensive analysis, reducing the risk of mistakes and missed opportunities. These needs are being met by the evolving open-source, community-developed specification language called CASE, the Cyber-investigation Analysis Standard Expression. CASE leverages the Unified Cyber Ontology (UCO), which abstracts and expresses concepts that are common across multiple domains. This paper introduces CASE and UCO, explaining how they improve upon prior related work. The value of fully-structured data, representing provenance, and action lifecycles are discussed. The guiding principles of CASE and UCO are presented, and illustrative examples of CASE are provided using the default JSON-LD serialization.", 
    "editor": [
      {
        "familyName": "Biasiotti", 
        "givenName": "Maria Angela", 
        "type": "Person"
      }, 
      {
        "familyName": "Mifsud Bonnici", 
        "givenName": "Jeanne Pia", 
        "type": "Person"
      }, 
      {
        "familyName": "Cannataci", 
        "givenName": "Joe", 
        "type": "Person"
      }, 
      {
        "familyName": "Turchi", 
        "givenName": "Fabrizio", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-319-74872-6_4", 
    "inLanguage": [
      "en"
    ], 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-319-74871-9", 
        "978-3-319-74872-6"
      ], 
      "name": "Handling and Exchanging Electronic Evidence Across Europe", 
      "type": "Book"
    }, 
    "name": "The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form", 
    "pagination": "43-58", 
    "productId": [
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-319-74872-6_4"
        ]
      }, 
      {
        "name": "readcube_id", 
        "type": "PropertyValue", 
        "value": [
          "3711dec0f9a1254705f6a2311f11ee62a1319b950175fa73111151fa01d9f8f7"
        ]
      }, 
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1105140622"
        ]
      }
    ], 
    "publisher": {
      "location": "Cham", 
      "name": "Springer International Publishing", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-319-74872-6_4", 
      "https://app.dimensions.ai/details/publication/pub.1105140622"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2019-04-15T12:13", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-uberresearch-data-dimensions-target-20181106-alternative/cleanup/v134/2549eaecd7973599484d7c17b260dba0a4ecb94b/merge/v9/a6c9fde33151104705d4d7ff012ea9563521a3ce/jats-lookup/v90/0000000001_0000000264/records_8660_00000604.jsonl", 
    "type": "Chapter", 
    "url": "http://link.springer.com/10.1007/978-3-319-74872-6_4"
  }
]
 


HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-74872-6_4'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-74872-6_4'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-74872-6_4'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-319-74872-6_4'


 

This table displays all metadata directly associated to this object as RDF triples.

157 TRIPLES      23 PREDICATES      37 URIs      20 LITERALS      8 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-319-74872-6_4 schema:about anzsrc-for:08
2 anzsrc-for:0801
3 schema:author N68eb4aab2baa41bea7af10b7a97af521
4 schema:citation https://doi.org/10.1016/j.diin.2011.11.002
5 https://doi.org/10.1016/j.diin.2014.05.004
6 https://doi.org/10.1016/j.diin.2015.01.014
7 https://doi.org/10.1016/j.diin.2015.04.004
8 https://doi.org/10.1016/j.diin.2015.07.005
9 https://doi.org/10.1016/j.diin.2015.10.002
10 https://doi.org/10.1016/j.diin.2017.08.002
11 https://doi.org/10.1080/00450618.2011.555418
12 https://doi.org/10.1109/sadfe.2009.12
13 https://doi.org/10.1145/2307819.2307827
14 schema:datePublished 2018
15 schema:datePublishedReg 2018-01-01
16 schema:description The growing number of investigations involving digital traces from various data sources is driving the demand for a standard way to represent and exchange pertinent information. Enabling automated combination and correlation of cyber-investigation information from multiple systems or organizations enables more efficient and comprehensive analysis, reducing the risk of mistakes and missed opportunities. These needs are being met by the evolving open-source, community-developed specification language called CASE, the Cyber-investigation Analysis Standard Expression. CASE leverages the Unified Cyber Ontology (UCO), which abstracts and expresses concepts that are common across multiple domains. This paper introduces CASE and UCO, explaining how they improve upon prior related work. The value of fully-structured data, representing provenance, and action lifecycles are discussed. The guiding principles of CASE and UCO are presented, and illustrative examples of CASE are provided using the default JSON-LD serialization.
17 schema:editor Na515345230884152ae1d7af3a3399060
18 schema:genre chapter
19 schema:inLanguage en
20 schema:isAccessibleForFree false
21 schema:isPartOf N8f7047a5674445a2b93d4bfdf420c643
22 schema:name The Evolution of Expressing and Exchanging Cyber-Investigation Information in a Standardized Form
23 schema:pagination 43-58
24 schema:productId N1f8aa4da28434e09b971310874ab9de0
25 N9ff4edc174bf432f8c2639a1d0434cc8
26 Nff332afd595647b08e44401a9e3b72c8
27 schema:publisher N374361f2922440b1aaab97280dcb7ac7
28 schema:sameAs https://app.dimensions.ai/details/publication/pub.1105140622
29 https://doi.org/10.1007/978-3-319-74872-6_4
30 schema:sdDatePublished 2019-04-15T12:13
31 schema:sdLicense https://scigraph.springernature.com/explorer/license/
32 schema:sdPublisher N0574e8658353409683ef4b872ca75067
33 schema:url http://link.springer.com/10.1007/978-3-319-74872-6_4
34 sgo:license sg:explorer/license/
35 sgo:sdDataset chapters
36 rdf:type schema:Chapter
37 N0574e8658353409683ef4b872ca75067 schema:name Springer Nature - SN SciGraph project
38 rdf:type schema:Organization
39 N05a42b8510f0459e80b6a2c86e2e3125 rdf:first sg:person.010627441253.81
40 rdf:rest N396f894e63fd4134b19294afe10f1f2e
41 N1ba1f06b30ef4397a701df2fca8a5ddf rdf:first N39d0d1fc61aa4f01a339f9247ea674a3
42 rdf:rest rdf:nil
43 N1f8aa4da28434e09b971310874ab9de0 schema:name doi
44 schema:value 10.1007/978-3-319-74872-6_4
45 rdf:type schema:PropertyValue
46 N2c1ff62a868e40b9b639910b6af5e004 rdf:first Nbe7e453f146a4552bfa726386e20cefb
47 rdf:rest N1ba1f06b30ef4397a701df2fca8a5ddf
48 N30ecc34d731c4e89b4d6acdec572b276 rdf:first N52c90059c7094697979a1e98099f78ef
49 rdf:rest N2c1ff62a868e40b9b639910b6af5e004
50 N374361f2922440b1aaab97280dcb7ac7 schema:location Cham
51 schema:name Springer International Publishing
52 rdf:type schema:Organisation
53 N396f894e63fd4134b19294afe10f1f2e rdf:first sg:person.016100253145.04
54 rdf:rest N3b80674675fa49a7b8838e431f6183d4
55 N39d0d1fc61aa4f01a339f9247ea674a3 schema:familyName Turchi
56 schema:givenName Fabrizio
57 rdf:type schema:Person
58 N3b80674675fa49a7b8838e431f6183d4 rdf:first sg:person.013615343253.49
59 rdf:rest rdf:nil
60 N3bb9a0acc6d543948116bdd309006ad8 rdf:first sg:person.015737551453.22
61 rdf:rest Nddef9613f469464daa396c236bbcd427
62 N52c90059c7094697979a1e98099f78ef schema:familyName Mifsud Bonnici
63 schema:givenName Jeanne Pia
64 rdf:type schema:Person
65 N68eb4aab2baa41bea7af10b7a97af521 rdf:first sg:person.07714254417.24
66 rdf:rest N3bb9a0acc6d543948116bdd309006ad8
67 N8f7047a5674445a2b93d4bfdf420c643 schema:isbn 978-3-319-74871-9
68 978-3-319-74872-6
69 schema:name Handling and Exchanging Electronic Evidence Across Europe
70 rdf:type schema:Book
71 N976124f103224bedb19be29af3df286d schema:familyName Biasiotti
72 schema:givenName Maria Angela
73 rdf:type schema:Person
74 N9ff4edc174bf432f8c2639a1d0434cc8 schema:name readcube_id
75 schema:value 3711dec0f9a1254705f6a2311f11ee62a1319b950175fa73111151fa01d9f8f7
76 rdf:type schema:PropertyValue
77 Na515345230884152ae1d7af3a3399060 rdf:first N976124f103224bedb19be29af3df286d
78 rdf:rest N30ecc34d731c4e89b4d6acdec572b276
79 Nbe534e67413243bfa52ab173e809503e schema:name Mitre Corporation
80 rdf:type schema:Organization
81 Nbe7e453f146a4552bfa726386e20cefb schema:familyName Cannataci
82 schema:givenName Joe
83 rdf:type schema:Person
84 Nd0359ac869a84e548c0db60c62e5a547 schema:name Department of Defense Cyber Crime Center
85 rdf:type schema:Organization
86 Ndb4fafbcc7d249b29d3c02b5f8287cc6 schema:name Department of Defense Cyber Crime Center
87 rdf:type schema:Organization
88 Nddef9613f469464daa396c236bbcd427 rdf:first sg:person.010032060653.71
89 rdf:rest N05a42b8510f0459e80b6a2c86e2e3125
90 Nff332afd595647b08e44401a9e3b72c8 schema:name dimensions_id
91 schema:value pub.1105140622
92 rdf:type schema:PropertyValue
93 anzsrc-for:08 schema:inDefinedTermSet anzsrc-for:
94 schema:name Information and Computing Sciences
95 rdf:type schema:DefinedTerm
96 anzsrc-for:0801 schema:inDefinedTermSet anzsrc-for:
97 schema:name Artificial Intelligence and Image Processing
98 rdf:type schema:DefinedTerm
99 sg:person.010032060653.71 schema:affiliation Nd0359ac869a84e548c0db60c62e5a547
100 schema:familyName Griffith
101 schema:givenName Ryan
102 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010032060653.71
103 rdf:type schema:Person
104 sg:person.010627441253.81 schema:affiliation Ndb4fafbcc7d249b29d3c02b5f8287cc6
105 schema:familyName Snyder
106 schema:givenName Jonathan
107 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.010627441253.81
108 rdf:type schema:Person
109 sg:person.013615343253.49 schema:affiliation https://www.grid.ac/institutes/grid.94225.38
110 schema:familyName Nelson
111 schema:givenName Alex
112 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.013615343253.49
113 rdf:type schema:Person
114 sg:person.015737551453.22 schema:affiliation Nbe534e67413243bfa52ab173e809503e
115 schema:familyName Barnum
116 schema:givenName Sean
117 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015737551453.22
118 rdf:type schema:Person
119 sg:person.016100253145.04 schema:affiliation https://www.grid.ac/institutes/grid.419915.1
120 schema:familyName van Beek
121 schema:givenName Harm
122 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.016100253145.04
123 rdf:type schema:Person
124 sg:person.07714254417.24 schema:affiliation https://www.grid.ac/institutes/grid.9851.5
125 schema:familyName Casey
126 schema:givenName Eoghan
127 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.07714254417.24
128 rdf:type schema:Person
129 https://doi.org/10.1016/j.diin.2011.11.002 schema:sameAs https://app.dimensions.ai/details/publication/pub.1002824017
130 rdf:type schema:CreativeWork
131 https://doi.org/10.1016/j.diin.2014.05.004 schema:sameAs https://app.dimensions.ai/details/publication/pub.1023080187
132 rdf:type schema:CreativeWork
133 https://doi.org/10.1016/j.diin.2015.01.014 schema:sameAs https://app.dimensions.ai/details/publication/pub.1020416845
134 rdf:type schema:CreativeWork
135 https://doi.org/10.1016/j.diin.2015.04.004 schema:sameAs https://app.dimensions.ai/details/publication/pub.1007951321
136 rdf:type schema:CreativeWork
137 https://doi.org/10.1016/j.diin.2015.07.005 schema:sameAs https://app.dimensions.ai/details/publication/pub.1007732644
138 rdf:type schema:CreativeWork
139 https://doi.org/10.1016/j.diin.2015.10.002 schema:sameAs https://app.dimensions.ai/details/publication/pub.1017995153
140 rdf:type schema:CreativeWork
141 https://doi.org/10.1016/j.diin.2017.08.002 schema:sameAs https://app.dimensions.ai/details/publication/pub.1091353010
142 rdf:type schema:CreativeWork
143 https://doi.org/10.1080/00450618.2011.555418 schema:sameAs https://app.dimensions.ai/details/publication/pub.1029027634
144 rdf:type schema:CreativeWork
145 https://doi.org/10.1109/sadfe.2009.12 schema:sameAs https://app.dimensions.ai/details/publication/pub.1093186553
146 rdf:type schema:CreativeWork
147 https://doi.org/10.1145/2307819.2307827 schema:sameAs https://app.dimensions.ai/details/publication/pub.1010658243
148 rdf:type schema:CreativeWork
149 https://www.grid.ac/institutes/grid.419915.1 schema:alternateName Netherlands Forensic Institute
150 schema:name Netherlands Forensic Institute
151 rdf:type schema:Organization
152 https://www.grid.ac/institutes/grid.94225.38 schema:alternateName National Institute of Standards and Technology
153 schema:name National Institute of Standards and Technology
154 rdf:type schema:Organization
155 https://www.grid.ac/institutes/grid.9851.5 schema:alternateName University of Lausanne
156 schema:name University of Lausanne
157 rdf:type schema:Organization
 



