Using Standardization and Ontology to Enhance Data Protection and Intelligent Analysis of Electronic Evidence

There are increasing amounts of personal information being stored within various systems and organizations to support health care, financial transactions, telecommunications, and many other necessities of modern life. A limited portion of this information may be required as part of an authorized digital inquiry, including criminal, civil, and regulatory matters. At every phase of a digital inquiry, information must be well organized and the provenance of electronic evidence must be maintained for forensic purposes. Furthermore, electronic evidence must be carefully protected to prevent privacy violations, exposure of secrets, and violation of license agreements. Fulfilling investigative and forensic requirements, while organizing data and protecting information appropriately, is supported by the open community-developed specification language called CASE, the Cyber-investigation Analysis Standard Expression. This standardisation effort is a rational progression from the foundational work on Digital Forensic Analysis eXpression (DFAX) which was created by many of the same contributors as CASE.