Digital economies must be protected from cybercrime if they are to succeed. International police forces must collaborate extensively with colleagues in other countries in order to achieve this goal. The lack of a common vocabulary for describing cybercrime has hampered international cooperation for years. To remedy this situation, a number of government-related agencies are working on a digital language called CASE.

To exchange data between law enforcement agencies, forensic tools for investigating digital material must speak a common language. You can, for example, find emails on seized devices, stored in different apps such as Gmail, Outlook, or Apple Mail. These emails all look slightly different and can be read with different forensic tools. The forensic tools also describe these emails differently, such as 'mail', 'email', 'e-mail', or 'mail message'. Details of the email are also described differently. One tool may speak about the 'sender and recipient, while another might use terms like 'from and to'. For police forces to search these emails quickly and efficiently, it is imperative that these emails be extracted from these devices and brought together. To be able to do this agencies have to call them in an identical way. CASE is the language that defines these properties.

Several government organizations, investigative services, scientific, and commercial organizations are involved in the CASE project. Among them are the Netherlands Forensic Institute (NFI), the US Department of Defense Cyber Crime Center (DC3), the US National Institute of Standards and Technology (NIST), and the University of Lausanne (Switzerland). The project originally launched in 2014, but significant additions have been made recently, such as the Dark Web & Virtual Assets taxonomy, which greatly enhances the functionality and the adoption of the common language. Currently, the future development of the language is the responsibility of the Linux Foundation in the United States (US).

Photo credit: Markus Spiske