mirror of https://github.com/MISP/misp-objects
Add: Object template for digital evidence
parent
d92e482a96
commit
7ee2ff1901
|
@ -1,68 +0,0 @@
|
||||||
{
|
|
||||||
"requiredOneOf": [
|
|
||||||
"case-number",
|
|
||||||
"name-of-the-analyst",
|
|
||||||
"crime-date",
|
|
||||||
"analysis-start-date"
|
|
||||||
],
|
|
||||||
"attributes": {
|
|
||||||
"case-number": {
|
|
||||||
"description": "Any unique number assigned to the case for unique identification.",
|
|
||||||
"ui-priority": 0,
|
|
||||||
"misp-attribute": "text"
|
|
||||||
},
|
|
||||||
"case-name": {
|
|
||||||
"description": "Name to address the case.",
|
|
||||||
"ui-priority": 0,
|
|
||||||
"misp-attribute": "text"
|
|
||||||
},
|
|
||||||
"name-of-the-analyst": {
|
|
||||||
"description": "Name(s) of the analyst assigned to the case.",
|
|
||||||
"multiple": true,
|
|
||||||
"ui-priority": 0,
|
|
||||||
"misp-attribute": "text"
|
|
||||||
},
|
|
||||||
"location-of-the-crime": {
|
|
||||||
"description": "Location where the crime took place.",
|
|
||||||
"ui-priority": 0,
|
|
||||||
"misp-attribute": "text"
|
|
||||||
},
|
|
||||||
"crime-date": {
|
|
||||||
"description": "Date and time when the crime occurred.",
|
|
||||||
"ui-priority": 0,
|
|
||||||
"misp-attribute": "datetime"
|
|
||||||
},
|
|
||||||
"describe-the-crime-scene": {
|
|
||||||
"description": "Description of the crime scene",
|
|
||||||
"ui-priority": 0,
|
|
||||||
"misp-attribute": "text"
|
|
||||||
},
|
|
||||||
"objects-acquired": {
|
|
||||||
"description": "Digital evidence acquired from the crime scene.",
|
|
||||||
"ui-priority": 0,
|
|
||||||
"misp-attribute": "text"
|
|
||||||
},
|
|
||||||
"references": {
|
|
||||||
"description": "External references",
|
|
||||||
"multiple": true,
|
|
||||||
"ui-priority": 0,
|
|
||||||
"misp-attribute": "link"
|
|
||||||
},
|
|
||||||
"analysis-start-date": {
|
|
||||||
"description": "Date when the analysis began.",
|
|
||||||
"ui-priority": 0,
|
|
||||||
"misp-attribute": "datetime"
|
|
||||||
},
|
|
||||||
"additional-comments": {
|
|
||||||
"description": "Comments.",
|
|
||||||
"ui-priority": 0,
|
|
||||||
"misp-attribute": "text"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"version": 1,
|
|
||||||
"description": "Describes details of the case under analysis.",
|
|
||||||
"meta-category": "misc",
|
|
||||||
"uuid": "3ea36022-ae93-455e-88b1-d43aca789cac",
|
|
||||||
"name": "Digital forensic - Case info"
|
|
||||||
}
|
|
||||||
|
|
|
@ -0,0 +1,78 @@
|
||||||
|
{
|
||||||
|
"required": [
|
||||||
|
"case-number",
|
||||||
|
"evidence-number"
|
||||||
|
],
|
||||||
|
"attributes": {
|
||||||
|
"case-number": {
|
||||||
|
"description": "A unique number assigned to the case for unique identification.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"evidence-number": {
|
||||||
|
"description": "A unique number assigned to the evidence for unique identification.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"type": {
|
||||||
|
"description": "Evidence type.",
|
||||||
|
"multiple": true,
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"sane_default": [
|
||||||
|
"Computer",
|
||||||
|
"Network",
|
||||||
|
"Mobile Device",
|
||||||
|
"Multimedia",
|
||||||
|
"Cloud",
|
||||||
|
"IoT",
|
||||||
|
"Other"
|
||||||
|
],
|
||||||
|
"disable_correlation": true
|
||||||
|
},
|
||||||
|
"name": {
|
||||||
|
"description": "Name",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"acquisition-hash-type": {
|
||||||
|
"description": "Hashing algorithm used on the evidence",
|
||||||
|
"multiple": true,
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text",
|
||||||
|
"sane_default": [
|
||||||
|
"MD5",
|
||||||
|
"SHA-1",
|
||||||
|
"Other"
|
||||||
|
],
|
||||||
|
"disable_correlation": true
|
||||||
|
},
|
||||||
|
"acquisition-hash": {
|
||||||
|
"description": "Acquisition hash of the evidence",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"references": {
|
||||||
|
"description": "External references",
|
||||||
|
"multiple": true,
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "link"
|
||||||
|
},
|
||||||
|
"additional-comments": {
|
||||||
|
"description": "Comments.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "text"
|
||||||
|
},
|
||||||
|
"file-upload": {
|
||||||
|
"description": "Upload any file pertaining to the evidence.",
|
||||||
|
"ui-priority": 0,
|
||||||
|
"misp-attribute": "attachment",
|
||||||
|
"multiple": true
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"version": 1,
|
||||||
|
"description": "An object template to describe a digital forensic evidence.",
|
||||||
|
"meta-category": "misc",
|
||||||
|
"uuid": "fe44c648-63ef-43fc-b3de-af71a2e023e4",
|
||||||
|
"name": "forensic-evidence"
|
||||||
|
}
|
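Review bot: The `sane_default` list for `acquisition-hash-type` offers only `MD5`, `SHA-1` and `Other`, and both named algorithms have practical collision attacks, so the template steers analysts toward digests that give weak support to an evidence-integrity claim; add `"SHA-256"` and `"SHA-512"` to the list. That attribute is also `"multiple": true` while `acquisition-hash` is single-valued, so several algorithms can be recorded against one digest and nothing pairs a digest with its algorithm; either add `"multiple": true` to `acquisition-hash` or drop it from the type. `file-upload` uses `attachment`; if seized files can include malicious binaries, the description should say so or point to `malware-sample` for those.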