With the CASE Cyber Ontology continuing to grow and be actively supported by forensic tools, we should ensure that SQLite Dissect supports this open standard of cyber investigations.
Scope:
For the initial operating capability, the following metadata should be supported:
[x] Tool information
[x] Runtime configuration (arguments)
[x] Investigation timeline and metadata from the execution
[x] Input observable files
[x] Output observable files and relationship to the tool
There should also exist a GitHub action and/or unit test to ensure the output is compatible with the CASE JSON-LD standard.
Background:
With the CASE Cyber Ontology continuing to grow and be actively supported by forensic tools, we should ensure that SQLite Dissect supports this open standard of cyber investigations.
Scope:
For the initial operating capability, the following metadata should be supported:
There should also exist a GitHub action and/or unit test to ensure the output is compatible with the CASE JSON-LD standard.
References:
CASE Ontology - https://caseontology.org/ CASE Export Examples - https://caseontology.org/examples/ CASE GitHub - https://github.com/casework/CASE