The JSON-LD files must be complied with the UCO/CASE version 1,3 but they are also based on the drafting namespace, aimed to represent artifact not included in the ontology yet. The application processes the following Artifacts:
- ACCOUNT
- CALL
- CELL SITE
- CHAT
- COOKIE
- EVENT
- FILE (Image, Audio, Video, Text, Archive, Database, Application, Uncategorised)
- LOCATION DEVICE
- SEARCHED ITEM
- SOCIAL MEDIA ACTIVITY (in drafting namespace)
- WEB HISTORY
- WIRELESS NETWORK
The Artifacts are shown in a tree-view structure in a similar manner the forensic tools readers provided by the most popular commercial forensic tools do. The main aim of the viewer is to display the JSON-LD content in a user-friendly manner for checking the accuracy and the coverage of the conversion process, from XML (output of the commercial tool) to JSPN-LD.
In the first part of the processing the application carries out a formal check of the JSON-LD content, relying on the load method of the module json.
The application relies on Poetry as dependency manager, and all dependencies are described in the pyproject.toml file. To use the application after downloading the code activate a custom virtual environment and then run the command poetry install.
case_viewer JSON_INPUT
where:
JSON_INPUTis the file to be processed.
For those with make available (e.g. in a POSIX command line environment), make will run enough from a fresh git clone to set up a demonstration call of the viewer against an example JSON-LD file.
Portions of this repository contributed by NIST are governed by the NIST Software Licensing Statement.