This repository holds example data illustrating usage of the Cyber-investigation Analysis Standard Expression (CASE) language.
Further illustration can be found at the CASE narratives gallery.
Mapping notes & respective JSON-LD output:
- Accounts (info)
- Analysis (info)
- Bulk Extractor Forensic Path (info)
- Call Log
- Cell Site (info)
- Configured Tool
- Database records (info)
- Device
- EXIF Data
- Event
- Existence intervals (info)
- Files (info)
- Forensic Lifecycle (info)
- Location
- Message (info)
- Mobile device and SIM card (info)
- Multipart File (info)
- Network connection (info)
- Oresteia (info)
- Partitions (info)
- Raw Data (info)
- Reconstructed File (info)
- Recoverability (info)
- SMS and Contacts (info)
- Spear Phishing, scenario drafted by Open Cybersecurity Alliance (info)
This project uses the pre-commit tool for linting the JSON files and ensuring consistent formatting. It can be installed with pip:
pip install pre-commit
pre-commit --versionThe pre-commit tool hooks into Git's commit machinery to run a set of linters and static analyzers over each change. To install pre-commit into Git's hooks, run:
pre-commit installTo uninstall pre-commit, run either pre-commit uninstall or rm .git/hooks/pre-commit.