Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 

Cyber-investigation Analysis Standard Expression (CASE)

Read the CASE Wiki tab to learn everything you need to know about the Cyber-investigation Analysis Standard Expression (CASE) ontology. For learning about the Unified Cyber Ontology, CASE's parent, see UCO.

CASE Plaso implementation

Development Status: Alpha

Alpha status implies:

  • Designation of versions of CASE and UCO the project supports.
  • Follow Semantic Versioning (SEMVER).

This implementation is not ontology-correct! However, it attempts to adhere to v0.1.0 of CASE. This is an implementation of exporting plaso storage files into an RDF graph following the CASE ontology.

Install

Install the case API

git clone https://github.com/casework/CASE-Python-API.git
pip install CASE-Python-API

Then clone and install requirements.txt

git clone https://github.com/casework/CASE-Plaso-Implementation.git
cd CASE-Plaso-Implementation
pip install -r requirements.txt

Usage

Pass the storage file created by the log2timeline tool into the "case_plaso" tool:

python case_plaso_export.py myimage.bin.plaso output.json --format json-ld

I have a question!

Before you post a Github issue or send an email ensure you've done this checklist:

  1. Determined scope of your task. It is not necessary for most parties to understand all aspects of the ontology, mapping methods, and supporting tools.

  2. Familiarize yourself with the labels and search the Issues tab. Typically, only light-blue and red labels should be used by non-admin Github users while the others should be used by CASE Github admins. All but the red Project labels are found in every casework repository.

About

CASE (v0.1.0) implementation into Plaso.

Topics

Resources

License

Releases

No releases published

Packages

No packages published

Languages