(Please see the NIST disclaimer.)
This repository implements translations between Digital Forensics XML (DFXML) and Cyber-investigation Analysis Standard Expression (CASE).
This repository provides two commands on installation. It depends on the CASE Python Utilities being installed (which can be done via pip), and the DFXML Python library. These installations can be done in a virtual environment if you do not have (or wish to use) administrator privileges.
Running "make check" creates a usable virtual environment under tests/venv, as well as running unit tests. This will require networking to install any dependencies not yet cached by pip.
Translating DFXML to CASE:
dfxml_to_case input.dfxml output.case
(dfxml_to_case.py allows output format selection with --output-format. Default is TTL.)
Translating CASE to DFXML:
case_to_dfxml input.case output.dfxml
If pretty-printing the XML output is desired, you may want to pipe through xmllint:
case_to_dfxml input.case >(xmllint --format - > output.dfxml)
There is a set of unit tests that checks round-trip conversion between the formats. Note that DFXML and CASE do not have the same conceptual scope, so the tests only cover translation in the context of storage system metadata.
Unit tests run with "make check", without requiring administrator privileges (though they may require networking, as under the "Installation" section).
Some make targets are defined for this repository:
all - Installs pre-commit for this cloned repository instance.
check - Run unit tests. NOTE: The tests entail an installation of this project's source tree, including prerequisites downloaded from PyPI.
clean - Remove test build files.
This repository follows SEMVER conventions on a per-script basis. Version 0.1.0 will start providing a stable API, but currently awaits a CASE validation mechanism.
Portions of this repository contributed by NIST are governed by the NIST Software Licensing Statement.
Participation by NIST in the creation of the documentation of mentioned software is not intended to imply a recommendation or endorsement by the National Institute of Standards and Technology, nor is it intended to imply that any specific software is necessarily the best available for the purpose.