MSAB, a global leader in mobile forensic solutions, today announced that the company has joined other industry leaders to work collaboratively on the Cyber-Investigation Analysis Standard Expression (CASE) initiative. CASE is a community-developed specification language or standard designed to serve a broad range of cyber-investigation domains, including digital forensic science, incident response, counter-terrorism, criminal justice, forensic intelligence and situational awareness.
The CASE Initiative began in 2015 at the U.S. Department of Defense Cyber Crime Center (DC3). The standard was released as open source in 2017 and its adoption grew following a meeting at Europol’s European Cybercrime Centre. The primary motivation for CASE is interoperability—to advance the exchange of cyber-investigation information between tools and organizations.
Digital forensic specialists routinely use software tools to extract, parse and analyze information on a hard drive or a mobile phone. Today, it is often difficult to aggregate the digital information in a standardized way. For every tool available, investigators have to match the extracted data with the tool specifications, making the process time-consuming and costly. CASE supports automated normalization, combination, correlation and validation of information, enabling investigators to spend less time parsing and aggregating data and more time analyzing.
“We welcome the chance to work with other organizations and technology providers to modernize the digital forensics processes that exist today,” said Joel Bollö, MSAB CEO. “Criminal enterprises and other threat actors are becoming more sophisticated in using mobile devices, the Internet of Things, encryption and new apps. Collectively we will all be strengthened by helping the digital intelligence community work together more effectively and share information more easily.”
In addition to MSAB, other participants in the CASE Initiative include the U.S. National Institute of Standards Technology (NIST), the U.S. Department of Defense Cyber Crime Center (DC3), Europol’s European Cybercrime Center (EC3), governments and law enforcement agencies, industry peers, and academic institutions.