DFAX – Digital Forensic Analysis eXpression

September 4, 2015

For some years, we’ve been observing the convergence of the various LI and CYBER realms. A posting yesterday to the hyperactive new OASIS CTI (Cyber Threat Intelligence) Technical Committee list underscores that evolution. It described a surprisingly mature new expression language dubbed DFAX – Digital Forensic Analysis eXpression.

The posting details the emergence of a new initiative undertaken by MITRE and other parties to develop an expansive new means for the structured exchange of digital evidence. The recently published paper in Digital Investigation, which builds DFAX on MITRE’s CybOX representation, provides considerable detail concerning DFAX’s development and use cases, including a high-level diagram linking the concepts and schemas.

As the paper notes, “this work also introduces and leverages initial steps of a Unified Cyber Ontology (UCO) effort to abstract and express constructs that are common across the cyber domain, and that can be leveraged for consistency and broad-scope interoperability by various domain specific languages.” The paper also surveys the related work in this area.

Today a pointer was posted to the CTI list to the associated GitHub repository, which holds running code in the form of the DFAX schemas.

To be continued…