Web-Application development for the Digital Forensics domain

Internship proposal

Profile: Bachelor/master.
Prerequisites: Python programming; understanding of object serializers/deserializers and compiler basics; exposure to at least one of the following: XML, JSON, JSON-LD.
Duration: 3 months.
Language: Interaction with the senior researcher responsible for the internship will be in English, therefore standard knowledge of English is required.

Context

The Evidence Project, which completed its activities in November 2016, has provided a roadmap (guidelines, recommendations and technical standards) for realising the missing Common European Framework for the systematic and uniform application of new technologies in the collection, use and exchange of Electronic Evidence.
In the context of the Evidence project, a proof of concept (PoC) application has been built for managing the digital evidence exchange, the metadata, the description and reproducibility of the analysis, and the chain of custody. The aim was not to create yet another exchange or case management system, but instead to fill the gaps of functional and data format heterogeneity of existing systems by using standard protocols and a semantically rich representation such as the DFAX language. The PoC application was built using the Python-based MVC framework Django together with the Bootstrap framework. The two frameworks were chosen for their mobile-first approach to web frontends and their compatibility with the majority of operating systems, types of devices and platforms.
The PoC has been developed in close collaboration with the digital forensics community that is driving the representation language, its implementations and standardisation efforts. This community consists of digital forensic experts and researchers from the USA and Europe, including organisations such as MITRE, NFI and the University of Lausanne (École Des Sciences Criminelles).

Work to be realised

Since the implementation work on the PoC was completed by the Evidence project, the representation language and standards used by the DFAX community have changed. The new approach focuses more on the needs of the digital forensics experts and the forensic tools used. The data schema and model of the new standard have been changed according to these needs. Additionally, the format of the representation language has been changed from XML to JSON-LD.
It is also very interesting to follow the developments for the CybOX standard (https://cyboxproject.github.io/) for describing cyber threat information in a standardized and structured manner. CybOX has been used by the Evidence project and is a standard that is very popular with the community and tools, but it has been integrated into the Structured Threat Information Expression (STIX™) project (https://oasis-open.github.io/cti-documentation/stix/about).
This internship aims at adapting and developing components of the PoC according to the new representation language model - that is called CASE (https://casework.github.io/case/) - and the new serialization format, JSON-LD. More specifically:

  • Development of the Python and Django Web Application to adapt the existing model to the new CASE model.
  • Development with Python and a CASE library (aimed at the PLASO tool - https://github.com/casework/case_plaso) for the serialization/deserialization of CASE documents.
  • Follow the developments of, and maintain support for, the STIX project.

Support

This internship will be guided and supported by a senior researcher. Additionally, this work will be supported by the community of researchers from other European and US organisations that are working on the CASE standard and platform. Progress reports are expected at the weekly development team meeting, which will be used for catching up, issue solving and work planning.

Contact: Nikolaos Matskanis (nikolaos.matskanis@cetic.be)