├── etc
    ├── dependency_files.tsv
    └── domain_directories.tsv
├── tests
    ├── .gitignore
    ├── examples
    │   ├── investigative_action_PASS_validation.ttl
    │   ├── investigative_action_XFAIL_validation.ttl
    │   ├── investigative_action_PASS.json
    │   ├── Makefile
    │   ├── investigative_action_XFAIL.json
    │   └── test_validation.py
    ├── shapes
    │   ├── Makefile
    │   └── case-qc.ttl
    ├── test_case_monolithic.py
    └── Makefile
├── .gitmodules
├── .gitignore
├── .github
    ├── ISSUE_TEMPLATE
    │   ├── question.md
    │   ├── config.yml
    │   ├── bug_report.md
    │   └── change-request.md
    ├── workflows
    │   └── ci.yml
    └── pull_request_template.md
├── ontology
    ├── vocabulary
    │   ├── catalog-v001.xml
    │   ├── vocabulary.ttl
    │   └── Makefile
    ├── master
    │   ├── Makefile
    │   ├── case.ttl
    │   └── catalog-v001.xml
    ├── investigation
    │   ├── catalog-v001.xml
    │   ├── Makefile
    │   └── investigation.ttl
    └── Makefile
├── CONTRIBUTE.md
├── NORMALIZING.md
├── README.md
├── Makefile
├── ChangeLog
└── LICENSE


/etc/dependency_files.tsv:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/tests/.gitignore:
--------------------------------------------------------------------------------
1 | case_monolithic.ttl
2 | inheritance_review.ttl
3 | 


--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "dependencies/UCO"]
2 | 	path = dependencies/UCO
3 | 	url = https://github.com/ucoProject/UCO.git
4 | 


--------------------------------------------------------------------------------
/etc/domain_directories.tsv:
--------------------------------------------------------------------------------
1 | https://ontology.caseontology.org/	${top_srcdir}/ontology/
2 | https://ontology.unifiedcyberontology.org/	${top_srcdir}/dependencies/UCO/ontology/
3 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | *.pyc
 2 | *.pyo
 3 | 
 4 | # Unit testing files
 5 | .*.done.log
 6 | .*.ttl
 7 | venv
 8 | 
 9 | # Pycharm files
10 | .idea
11 | 
12 | # Protege files
13 | .project
14 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/question.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: Question
3 | about: Ask a general question, such as on how to represent or use a property.
4 | title: ''
5 | labels: question
6 | assignees: ''
7 | ---
8 | 


--------------------------------------------------------------------------------
/ontology/vocabulary/catalog-v001.xml:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="UTF-8" standalone="no"?>
2 | <catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog" prefer="public">
3 |     <uri id="User Entered Import Resolution" uri="vocabulary.ttl" name="https://ontology.caseontology.org/case/vocabulary"/>
4 | </catalog>
5 | 


--------------------------------------------------------------------------------
/tests/examples/investigative_action_PASS_validation.ttl:
--------------------------------------------------------------------------------
 1 | @prefix owl: <http://www.w3.org/2002/07/owl#> .
 2 | @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 3 | @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
 4 | @prefix sh: <http://www.w3.org/ns/shacl#> .
 5 | @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 6 | 
 7 | []
 8 | 	a sh:ValidationReport ;
 9 | 	sh:conforms "true"^^xsd:boolean ;
10 | 	.
11 | 
12 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/config.yml:
--------------------------------------------------------------------------------
 1 | blank_issues_enabled: false
 2 | contact_links:
 3 |   - name: CASE Website
 4 |     url: https://caseontology.org/
 5 |     about: See usage examples and other documentation here.
 6 |   - name: UCO Website
 7 |     url: https://unifiedcyberontology.org/
 8 |     about: See UCO design documentation here.
 9 |   - name: CASE Examples
10 |     url: https://github.com/casework/CASE-Examples/
11 |     about: Please request examples for concept usage here.
12 |   - name: CASE Website (source)
13 |     url: https://github.com/casework/casework.github.io/
14 |     about: Please request documentation updates pertaining to CASE and/or UCO here.
15 |   - name: UCO Website (source)
16 |     url: https://github.com/ucoProject/ucoproject.github.io/
17 |     about: Please request documentation updates pertaining to UCO here.
18 | 


--------------------------------------------------------------------------------
/ontology/vocabulary/vocabulary.ttl:
--------------------------------------------------------------------------------
 1 | @prefix owl: <http://www.w3.org/2002/07/owl#> .
 2 | @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 3 | @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
 4 | @prefix vocab: <https://ontology.caseontology.org/case/vocabulary/> .
 5 | @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 6 | 
 7 | <https://ontology.caseontology.org/case/vocabulary>
 8 | 	a owl:Ontology ;
 9 | 	rdfs:label "vocabularies"@en ;
10 | 	owl:backwardCompatibleWith vocab:1.3.0 ;
11 | 	owl:priorVersion vocab:1.3.0 ;
12 | 	owl:versionIRI vocab:1.4.0 ;
13 | 	.
14 | 
15 | vocab:InvestigationFormVocab
16 | 	a rdfs:Datatype ;
17 | 	rdfs:label "Investigation Form Vocabulary"@en-US ;
18 | 	rdfs:comment "Defines an open-vocabulary of investigation forms."@en-US ;
19 | 	owl:equivalentClass [
20 | 		a rdfs:Datatype ;
21 | 		owl:oneOf (
22 | 			"case"
23 | 			"incident"
24 | 			"suspicious-activity"
25 | 		) ;
26 | 	] ;
27 | 	.
28 | 
29 | 


--------------------------------------------------------------------------------
/CONTRIBUTE.md:
--------------------------------------------------------------------------------
 1 | # Contributing to the CASE ontology
 2 | 
 3 | 
 4 | ## Testing prerelease states
 5 | 
 6 | Practices for users interested in testing prerelease states are documented on the [Cyber Domain Ontology website](https://cyberdomainontology.org/ontology/development/#testing-prereleases).
 7 | 
 8 | 
 9 | ## Using Protégé catalog files
10 | 
11 | Interested users of `catalog-v001.xml` files, e.g. users of [Protégé](https://protege.stanford.edu/), can use these XML files to interact with CASE as local files.  To do so, CASE must be `git-clone`'d with Git submodules also cloned.  This can be done with the following commands:
12 | 
13 | * `git clone --recursive https://github.com/casework/CASE.git` (all users)
14 | * `git clone https://github.com/casework/CASE.git ; cd CASE ; make` (macOS or Linux users)
15 |    - The narrowest setup operation strictly for purposes of supporting the `catalog-v001.xml` files is to run `make .git_submodule_init.done.log` instead of the default `make all`.
16 | 
17 | Protégé should not require network connectivity to load imported ontologies after the above commands are run.
18 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Bug report
 3 | about: Create a report to help us improve.
 4 | title: ''
 5 | labels: 'bug'
 6 | assignees: ''
 7 | 
 8 | ---
 9 | 
10 | <!--
11 | Note that text between the HTML comments will be recorded in this issue's source for future editing, but will not render on Github.  So, please feel free to delete whatever portion of these comments, or this template, that you do not use.
12 | -->
13 | 
14 | 
15 | # Bug description
16 | 
17 | <!--
18 | A clear and concise description of what the bug is.
19 | 
20 | If you are seeing an errant behavior or implementation related to a property, it helps with diagnosing the issue if you can identify the property, for instance by a line within the corresponding ontology Turtle file, the property short name, or some other means.
21 | -->
22 | 
23 | 
24 | ## Steps to reproduce
25 | 
26 | <!--
27 | Steps to reproduce the behavior.
28 | 
29 | If you came across this error by seeing a SHACL validation result, please provide a Turtle or JSON-LD snippet that recreates the error.  Also, please note if you were testing against the current release (master branch) or a development pre-release (e.g. via downloading `CASE-develop.ttl`).  If you don't know, it's likely you encountered this via the current release.
30 | -->
31 | 


--------------------------------------------------------------------------------
/.github/workflows/ci.yml:
--------------------------------------------------------------------------------
 1 | # Portions of this file contributed by NIST are governed by the
 2 | # following statement:
 3 | #
 4 | # This software was developed at the National Institute of Standards
 5 | # and Technology by employees of the Federal Government in the course
 6 | # of their official duties. Pursuant to Title 17 Section 105 of the
 7 | # United States Code, this software is not subject to copyright
 8 | # protection within the United States. NIST assumes no responsibility
 9 | # whatsoever for its use by other parties, and makes no guarantees,
10 | # expressed or implied, about its quality, reliability, or any other
11 | # characteristic.
12 | #
13 | # We would appreciate acknowledgement if the software is used.
14 | 
15 | # This workflow uses Make to confirm ontology files have been
16 | # normalized according to the procedures in NORMALIZE.md.
17 | 
18 | name: Continuous Integration
19 | 
20 | on:
21 |   push:
22 |     branches: [ master, develop*, unstable* ]
23 |   pull_request:
24 |     branches: [ master, develop*, unstable* ]
25 | 
26 | jobs:
27 |   build:
28 | 
29 |     runs-on: ubuntu-latest
30 | 
31 |     steps:
32 |     - uses: actions/checkout@v4
33 |     - uses: actions/setup-java@v4
34 |       with:
35 |         distribution: 'temurin'
36 |         java-version: '11'
37 |     - name: Start from clean state
38 |       run: make clean
39 |     - name: Run tests
40 |       run: make check
41 | 


--------------------------------------------------------------------------------
/tests/examples/investigative_action_XFAIL_validation.ttl:
--------------------------------------------------------------------------------
 1 | @prefix investigation: <https://ontology.caseontology.org/case/investigation/> .
 2 | @prefix owl: <http://www.w3.org/2002/07/owl#> .
 3 | @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 4 | @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
 5 | @prefix sh: <http://www.w3.org/ns/shacl#> .
 6 | @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 7 | 
 8 | []
 9 | 	a sh:ValidationReport ;
10 | 	sh:conforms "false"^^xsd:boolean ;
11 | 	sh:result
12 | 		[
13 | 			a sh:ValidationResult ;
14 | 			sh:focusNode <http://example.org/kb/provenance-record-f54f88ad-2659-4fba-8c3e-d96efa560fdf> ;
15 | 			sh:resultMessage "Value is not Literal with datatype xsd:string" ;
16 | 			sh:resultPath investigation:exhibitNumber ;
17 | 			sh:resultSeverity sh:Violation ;
18 | 			sh:sourceConstraintComponent sh:DatatypeConstraintComponent ;
19 | 			sh:sourceShape [
20 | 				sh:datatype xsd:string ;
21 | 				sh:maxCount "1"^^xsd:integer ;
22 | 				sh:nodeKind sh:Literal ;
23 | 				sh:path investigation:exhibitNumber ;
24 | 			] ;
25 | 			sh:value "1"^^xsd:integer ;
26 | 		] ,
27 | 		[
28 | 			a sh:ValidationResult ;
29 | 			sh:focusNode <http://example.org/kb/provenance-record-f54f88ad-2659-4fba-8c3e-d96efa560fdf> ;
30 | 			sh:resultMessage "Value is not Literal with datatype xsd:string" ;
31 | 			sh:resultPath investigation:rootExhibitNumber ;
32 | 			sh:resultSeverity sh:Violation ;
33 | 			sh:sourceConstraintComponent sh:DatatypeConstraintComponent ;
34 | 			sh:sourceShape [
35 | 				sh:datatype xsd:string ;
36 | 				sh:minCount "0"^^xsd:integer ;
37 | 				sh:nodeKind sh:Literal ;
38 | 				sh:path investigation:rootExhibitNumber ;
39 | 			] ;
40 | 			sh:value "1"^^xsd:integer ;
41 | 		]
42 | 		;
43 | 	.
44 | 
45 | 


--------------------------------------------------------------------------------
/tests/shapes/Makefile:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/make -f
 2 | 
 3 | # Portions of this file contributed by NIST are governed by the
 4 | # following statement:
 5 | #
 6 | # This software was developed at the National Institute of Standards
 7 | # and Technology by employees of the Federal Government in the course
 8 | # of their official duties. Pursuant to Title 17 Section 105 of the
 9 | # United States Code, this software is not subject to copyright
10 | # protection within the United States. NIST assumes no responsibility
11 | # whatsoever for its use by other parties, and makes no guarantees,
12 | # expressed or implied, about its quality, reliability, or any other
13 | # characteristic.
14 | #
15 | # We would appreciate acknowledgement if the software is used.
16 | 
17 | SHELL := /bin/bash
18 | 
19 | top_srcdir := $(shell cd ../.. ; pwd)
20 | 
21 | tests_srcdir := $(top_srcdir)/tests
22 | 
23 | all: \
24 |   .check-case-qc.ttl
25 | 
26 | .PHONY: \
27 |   check-%.ttl
28 | 
29 | .PRECIOUS: \
30 |   .check-%.ttl
31 | 
32 | .check-%.ttl: \
33 |   %.ttl \
34 |   $(top_srcdir)/.lib.done.log
35 | 	java -jar $(top_srcdir)/dependencies/UCO/lib/rdf-toolkit.jar \
36 | 	  --inline-blank-nodes \
37 | 	  --source $< \
38 | 	  --source-format turtle \
39 | 	  --target $@_ \
40 | 	  --target-format turtle
41 | 	mv $@_ $@
42 | 
43 | check: \
44 |   check-case-qc.ttl
45 | 
46 | # Reminder: diff exits non-0 on finding any differences.
47 | # Reminder: The $^ automatic Make variable is the name of all recipe prerequisites.
48 | check-%.ttl: \
49 |   %.ttl \
50 |   .check-%.ttl
51 | 	diff $^ \
52 | 	  || (echo "ERROR:tests/shapes/Makefile:The local $< does not match the normalized version. If the above reported changes look fine, run 'cp .check-$< $<' while in the sub-folder tests/shapes/ to get a file ready to commit to Git." >&2 ; exit 1)
53 | 
54 | clean:
55 | 	@rm -f \
56 | 	  .check-*.ttl*
57 | 


--------------------------------------------------------------------------------
/.github/pull_request_template.md:
--------------------------------------------------------------------------------
 1 | <!--
 2 | # Pull request instructions
 3 | (Note that text between the HTML comments will be recorded in this pull request's source for future editing, but will not render on Github.  So, please delete whatever portion of this comment you do not use.  Text portions suggested to extract are at the bottom of this snippet.)
 4 | 
 5 | CDO Pull Requests for ontology repositories generally follow one of two forms: "Bug-fix" pull requests, and all others.
 6 | 
 7 | A "Bug-fix" pull request will typically be of low-to-zero risk to the ontology and its downstream resources.  This is different from a bug-reporting Issue.  Bugs described in an Issue can be significantly complex and require committee consensus to resolve.  A "Bug-fix" pull request will generally be close to a self-explaining correction.
 8 | 
 9 | The risk assessment of a "Bug-fix" proposal is confirmed by two members of the Ontology Committee leadership agreeing that no committee review is required.
10 | 
11 | It is difficult to describe what "Low risk" would be in general.  Typo corrections in documentation comments would be likely to qualify.  Correction (not addition) of type constraints are less likely, but still probable.  Cardinality corrections are improbable, as programming assumptions may have been made based on those specifications.  In summary, please be aware that what is submitted as a "Bug-fix" proposal may be treated as requiring committee review, and possibly further use case description.
12 | 
13 | 
14 | ## Template text
15 | 
16 | If you are writing a "Bug-fix" pull request, please use the following description (cutting the leading "> "):
17 | > This Pull Request is a bug-fix change proposal, believed to be of low risk to the ontology and its downstream resources.
18 | 
19 | For a pull request of any other nature, please reference a Github Issue number that the Pull Request would resolve.  (Please remove the leading "> ".)
20 | > This Pull Request resolves all requirements of Issue # .
21 | -->
22 | 


--------------------------------------------------------------------------------
/NORMALIZING.md:
--------------------------------------------------------------------------------
 1 | # Ontology data normalization
 2 | 
 3 | CASE uses a normalization process to help prevent errors and confusion during version control. This makes sure that the ontology files will reflect only substantive changes.
 4 | 
 5 | This file describes the normalization requirement for submitting revisions to the CASE ontology's Turtle files.
 6 | 
 7 | The CASE ontology, encoded as Turtle, follows a procedure based on the [`rdf-toolkit`](https://github.com/edmcouncil/rdf-toolkit) utility.  For CASE, the "normalized" form of Turtle is the form that results from an idempotent application of rules to settle questions of Turtle style, such as:
 8 | 
 9 | * Definition sort order
10 | * Whitespace usage
11 | * Prefix usage
12 | * Comma placement
13 | * Expansion of [collections](https://www.w3.org/TR/turtle/#collections)
14 | * Blank node placement
15 | 
16 | The CASE community considers the ontology serialization to be "normalized" when an application of rules to decide the above "stylistic" matters no longer changes a Turtle file.
17 | 
18 | 
19 | ## Normalization command
20 | 
21 | This invocation of `rdf-toolkit` shows the flags to be used.  "`INPUT_TTL_FILE`" is the CASE Turtle file that is not necessarily normalized. "`OUTPUT_TTL_FILE`" is the resulting Turtle file after normalization.  This same command run on "`OUTPUT_TTL_FILE`" as input should produce a file with no further changes.
22 | 
23 | ```
24 | java -jar rdf-toolkit.jar \
25 |   --infer-base-iri \
26 |   --inline-blank-nodes \
27 |   --source INPUT_TTL_FILE \
28 |   --source-format turtle \
29 |   --target OUTPUT_TTL_FILE \
30 |   --target-format turtle
31 | ```
32 | 
33 | 
34 | ## Review procedure
35 | 
36 | As part of reviewing any Pull Request to the ontology, `rdf-toolkit` is used on the proposed Turtle files.  If there is any change from application of `rdf-toolkit`, the ontology maintainers will request the Pull Request be re-submitted.  This is to simplify review, and to keep the edit history to ontology files minimal, reducing the potential for confusion in future analysis of revisions.
37 | 


--------------------------------------------------------------------------------
/tests/shapes/case-qc.ttl:
--------------------------------------------------------------------------------
 1 | @prefix case-qc: <urn:example:case:qc:> .
 2 | @prefix owl: <http://www.w3.org/2002/07/owl#> .
 3 | @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 4 | @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
 5 | @prefix sh: <http://www.w3.org/ns/shacl#> .
 6 | @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 7 | 
 8 | <urn:example:case:qc>
 9 | 	a owl:Ontology ;
10 | 	rdfs:comment "This ontology contains shapes meant to be used against the transitive closure of CASE, excluding imported ontologies developed externally to UCO."@en ;
11 | 	.
12 | 
13 | case-qc:owl-Ontology-shape
14 | 	a sh:NodeShape ;
15 | 	sh:sparql
16 | 		[
17 | 			a sh:SPARQLConstraint ;
18 | 			sh:message "CASE imports of other CASE and UCO ontologies are expected to be of versionIRIs."@en ;
19 | 			sh:select '''
20 | 				SELECT $this ?value
21 | 				WHERE {
22 | 					$this owl:imports ?value .
23 | 					FILTER (
24 | 						STRSTARTS (
25 | 							STR(?value),
26 | 							"https://ontology.caseontology.org/"
27 | 						)
28 | 						||
29 | 						STRSTARTS (
30 | 							STR(?value),
31 | 							"https://ontology.unifiedcyberontology.org/"
32 | 						)
33 | 					)
34 | 					FILTER NOT EXISTS {
35 | 						?nOtherUcoOntology
36 | 							owl:versionIRI ?value ;
37 | 							.
38 | 					}
39 | 				}
40 | 			''' ;
41 | 		] ,
42 | 		[
43 | 			a sh:SPARQLConstraint ;
44 | 			sh:message "CASE version IRIs are expected to have a fragment matching the versionInfo string in the master CASE ontology."@en ;
45 | 			sh:select '''
46 | 				SELECT $this ?value
47 | 				WHERE {
48 | 					$this owl:versionIRI ?value .
49 | 					<https://ontology.caseontology.org/case/case> owl:versionInfo ?lCaseVersionInfo .
50 | 					FILTER (
51 | 						STRSTARTS (
52 | 							STR($this),
53 | 							"https://ontology.caseontology.org/"
54 | 						)
55 | 					)
56 | 					FILTER (
57 | 						STR(?value)
58 | 						!= 
59 | 						CONCAT(
60 | 							STR($this),
61 | 							"/",
62 | 							?lCaseVersionInfo
63 | 						)
64 | 					)
65 | 				}
66 | 			''' ;
67 | 		]
68 | 		;
69 | 	sh:targetClass owl:Ontology ;
70 | 	.
71 | 
72 | 


--------------------------------------------------------------------------------
/ontology/master/Makefile:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/make -f
 2 | 
 3 | # Portions of this file contributed by NIST are governed by the
 4 | # following statement:
 5 | #
 6 | # This software was developed at the National Institute of Standards
 7 | # and Technology by employees of the Federal Government in the course
 8 | # of their official duties. Pursuant to Title 17 Section 105 of the
 9 | # United States Code, this software is not subject to copyright
10 | # protection within the United States. NIST assumes no responsibility
11 | # whatsoever for its use by other parties, and makes no guarantees,
12 | # expressed or implied, about its quality, reliability, or any other
13 | # characteristic.
14 | #
15 | # We would appreciate acknowledgement if the software is used.
16 | 
17 | SHELL := /bin/bash
18 | 
19 | top_srcdir := ../..
20 | 
21 | uco_srcdir := $(top_srcdir)/dependencies/UCO
22 | 
23 | ttl_basenames := case.ttl
24 | 
25 | all: \
26 |   catalog-v001.xml
27 | 
28 | .check-case.ttl: \
29 |   $(top_srcdir)/.lib.done.log \
30 |   case.ttl
31 | 	java -jar $(top_srcdir)/dependencies/UCO/lib/rdf-toolkit.jar \
32 | 	  --inline-blank-nodes \
33 | 	  --source case.ttl \
34 | 	  --source-format turtle \
35 | 	  --target _$@ \
36 | 	  --target-format turtle
37 | 	mv _$@ $@
38 | 
39 | catalog-v001.xml: \
40 |   $(top_srcdir)/.venv.done.log \
41 |   $(top_srcdir)/etc/domain_directories.tsv \
42 |   $(top_srcdir)/etc/dependency_files.tsv \
43 |   $(uco_srcdir)/ontology/uco/master/catalog-v001.xml \
44 |   $(uco_srcdir)/src/create-catalog-v001.xml.py
45 | 	rm -f _$@
46 | 	source $(top_srcdir)/venv/bin/activate \
47 | 	  && python3 $(uco_srcdir)/src/create-catalog-v001.xml.py \
48 | 	    --catalog-xml $(uco_srcdir)/ontology/uco/master/catalog-v001.xml \
49 | 	    _$@ \
50 | 	    $(top_srcdir)/etc/domain_directories.tsv \
51 | 	    $(top_srcdir)/etc/dependency_files.tsv \
52 | 	    "$(top_srcdir)" \
53 | 	    $(ttl_basenames)
54 | 	mv _$@ $@
55 | 
56 | check: \
57 |   .check-case.ttl \
58 |   catalog-v001.xml
59 | 	diff case.ttl .check-case.ttl
60 | 
61 | clean:
62 | 	@rm -f \
63 | 	  .check-*.ttl \
64 | 	  _* \
65 | 	  catalog-v001.xml
66 | 


--------------------------------------------------------------------------------
/ontology/master/case.ttl:
--------------------------------------------------------------------------------
 1 | # imports: https://ontology.caseontology.org/case/investigation/1.4.0
 2 | # imports: https://ontology.caseontology.org/case/vocabulary/1.4.0
 3 | # imports: https://ontology.unifiedcyberontology.org/uco/uco/1.4.0
 4 | 
 5 | @prefix dct: <http://purl.org/dc/terms/> .
 6 | @prefix owl: <http://www.w3.org/2002/07/owl#> .
 7 | @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
 8 | @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
 9 | @prefix skos: <http://www.w3.org/2004/02/skos/core#> .
10 | @prefix xml: <http://www.w3.org/XML/1998/namespace> .
11 | @prefix xs: <http://www.w3.org/2001/XMLSchema#> .
12 | @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
13 | 
14 | <https://ontology.caseontology.org/case/case>
15 | 	a owl:Ontology ;
16 | 	rdfs:label "case-master"@en ;
17 | 	rdfs:comment "The Cyber-investigation Analysis Standard Expression (CASE) ontology is a community-developed standard that defines concepts used in a broad range of cyber-investigation domains, including digital forensic science, incident response, counter-terrorism, criminal justice, forensic intelligence, and situational awareness. CASE includes all aspects of the digital forensic process, from evidence-gathering and chain of custody, to generating a final report. The goal is to increase sharing and interoperability of cyber-investigation information among organizations and between forensic analytic tools. CASE aligns with and extends the Unified Cyber Ontology (UCO). The preferred namespace abbreviation for this ontology is: case-master."@en ;
18 | 	dct:title "Cyber-investigation Analysis Standard Expression (CASE)"@en ;
19 | 	owl:backwardCompatibleWith <https://ontology.caseontology.org/case/case/1.3.0> ;
20 | 	owl:imports
21 | 		<https://ontology.caseontology.org/case/investigation/1.4.0> ,
22 | 		<https://ontology.caseontology.org/case/vocabulary/1.4.0> ,
23 | 		<https://ontology.unifiedcyberontology.org/uco/uco/1.4.0>
24 | 		;
25 | 	owl:priorVersion <https://ontology.caseontology.org/case/case/1.3.0> ;
26 | 	owl:versionIRI <https://ontology.caseontology.org/case/case/1.4.0> ;
27 | 	owl:versionInfo "1.4.0" ;
28 | 	.
29 | 
30 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Cyber-investigation Analysis Standard Expression (CASE)
 2 | 
 3 | _See the CASE website, [caseontology.org](https://caseontology.org/), to learn everything you need to know about the Cyber-investigation Analysis Standard Expression (CASE) ontology._
 4 | _For learning about the Unified Cyber Ontology, CASE's parent, see [UCO](https://github.com/ucoProject/UCO)._
 5 | 
 6 | ## Development guidelines
 7 | 
 8 | The CASE Ontology Committee models domain concepts, developing the knowledge encodings for the CASE ontology.  When these concepts are ready to be encoded as ontology entries, the following guidelines govern their entered forms:
 9 | 1. Style guidance - The [Style Guide for Documentation of the CASE Ontology](https://caseontology.org/resources/downloads/Style%20Guide%20for%20Documentation%20of%20the%20CASE%20Ontology.pdf) governs the style of ontology entries.  An overview presentation on the style guide is available [here](https://caseontology.org/resources/references/CASE%20Style%20Guide%20v1.0%202020-01-14.pdf).
10 | 2. Turtle serialization - CASE uses [rdf-toolkit](https://github.com/edmcouncil/rdf-toolkit) to normalize the syntax of ontology Turtle files.
11 | 
12 | ## Examples
13 | 
14 | Example CASE data and narratives can be found at these locations:
15 | 
16 | * The [CASE Topics Gallery](https://caseontology.org/examples/)
17 | * The [CASE Examples Repository](https://github.com/casework/CASE-Examples)
18 | 
19 | ## I have a question!
20 | 
21 | Before you post a Github issue or send an email ensure you've done this checklist:
22 | 
23 | 1. [Determined scope](https://caseontology.org/ontology/start.html#scope) of your task. It is not necessary for most parties to understand all aspects of the ontology, mapping methods, and supporting tools.
24 | 2. Search the [Issues tab](https://github.com/casework/CASE/issues) for duplicative issues.  Please know, however, that the CASE community primarily tracks issues in a Jira instance available to community members.  The Github Issue tracker can still be a way CASE issues are reported by users who have not registered with the community, but work on the issues will be scheduled and tracked in Jira.
25 | 


--------------------------------------------------------------------------------
/ontology/investigation/catalog-v001.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 2 | <catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog" prefer="public">
 3 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/dependencies/collections-ontology/collections.owl" name="http://purl.org/co"/>
 4 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/dependencies/error/docs/current/error.ttl" name="http://purl.org/spar/error"/>
 5 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/co/co.ttl" name="https://ontology.unifiedcyberontology.org/co/1.4.0"/>
 6 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/action/action.ttl" name="https://ontology.unifiedcyberontology.org/uco/action/1.4.0"/>
 7 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/core/core.ttl" name="https://ontology.unifiedcyberontology.org/uco/core/1.4.0"/>
 8 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/location/location.ttl" name="https://ontology.unifiedcyberontology.org/uco/location/1.4.0"/>
 9 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/pattern/pattern.ttl" name="https://ontology.unifiedcyberontology.org/uco/pattern/1.4.0"/>
10 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/role/role.ttl" name="https://ontology.unifiedcyberontology.org/uco/role/1.4.0"/>
11 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/types/types.ttl" name="https://ontology.unifiedcyberontology.org/uco/types/1.4.0"/>
12 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/vocabulary/vocabulary.ttl" name="https://ontology.unifiedcyberontology.org/uco/vocabulary/1.4.0"/>
13 |     <uri id="User Entered Import Resolution" uri="../vocabulary/vocabulary.ttl" name="https://ontology.caseontology.org/case/vocabulary/1.4.0"/>
14 |     <uri id="User Entered Import Resolution" uri="investigation.ttl" name="https://ontology.caseontology.org/case/investigation"/>
15 | </catalog>
16 | 


--------------------------------------------------------------------------------
/ontology/Makefile:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/make -f
 2 | 
 3 | # Portions of this file contributed by NIST are governed by the
 4 | # following statement:
 5 | #
 6 | # This software was developed at the National Institute of Standards
 7 | # and Technology by employees of the Federal Government in the course
 8 | # of their official duties. Pursuant to Title 17 Section 105 of the
 9 | # United States Code, this software is not subject to copyright
10 | # protection within the United States. NIST assumes no responsibility
11 | # whatsoever for its use by other parties, and makes no guarantees,
12 | # expressed or implied, about its quality, reliability, or any other
13 | # characteristic.
14 | #
15 | # We would appreciate acknowledgement if the software is used.
16 | 
17 | SHELL := /bin/bash
18 | 
19 | top_srcdir := ..
20 | 
21 | all: \
22 |   all-investigation \
23 |   all-master \
24 |   all-vocabulary
25 | 
26 | .PHONY: \
27 |   all-investigation \
28 |   all-master \
29 |   all-vocabulary \
30 |   check-investigation \
31 |   check-master \
32 |   check-vocabulary \
33 |   clean-investigation \
34 |   clean-master \
35 |   clean-vocabulary
36 | 
37 | all-investigation:
38 | 	$(MAKE) \
39 | 	  --directory investigation
40 | 
41 | all-master:
42 | 	$(MAKE) \
43 | 	  --directory master
44 | 
45 | all-vocabulary:
46 | 	$(MAKE) \
47 | 	  --directory vocabulary
48 | 
49 | check: \
50 |   check-master \
51 |   check-investigation \
52 |   check-vocabulary
53 | 
54 | check-investigation: \
55 |   $(top_srcdir)/.lib.done.log
56 | 	$(MAKE) \
57 | 	  --directory investigation \
58 | 	  check
59 | 
60 | check-master: \
61 |   $(top_srcdir)/.lib.done.log
62 | 	$(MAKE) \
63 | 	  --directory master \
64 | 	  check
65 | 
66 | check-vocabulary: \
67 |   $(top_srcdir)/.lib.done.log
68 | 	$(MAKE) \
69 | 	  --directory vocabulary \
70 | 	  check
71 | 
72 | clean: \
73 |   clean-investigation \
74 |   clean-master \
75 |   clean-vocabulary
76 | 
77 | clean-investigation:
78 | 	@$(MAKE) \
79 | 	  --directory investigation \
80 | 	  clean
81 | 
82 | clean-master:
83 | 	@$(MAKE) \
84 | 	  --directory master \
85 | 	  clean
86 | 
87 | clean-vocabulary:
88 | 	@$(MAKE) \
89 | 	  --directory vocabulary \
90 | 	  clean
91 | 


--------------------------------------------------------------------------------
/ontology/vocabulary/Makefile:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/make -f
 2 | 
 3 | # Portions of this file contributed by NIST are governed by the
 4 | # following statement:
 5 | #
 6 | # This software was developed at the National Institute of Standards
 7 | # and Technology by employees of the Federal Government in the course
 8 | # of their official duties. Pursuant to Title 17 Section 105 of the
 9 | # United States Code, this software is not subject to copyright
10 | # protection within the United States. NIST assumes no responsibility
11 | # whatsoever for its use by other parties, and makes no guarantees,
12 | # expressed or implied, about its quality, reliability, or any other
13 | # characteristic.
14 | #
15 | # We would appreciate acknowledgement if the software is used.
16 | 
17 | SHELL := /bin/bash
18 | 
19 | top_srcdir := ../..
20 | 
21 | uco_srcdir := $(top_srcdir)/dependencies/UCO
22 | 
23 | ttl_basenames := vocabulary.ttl
24 | 
25 | all: \
26 |   catalog-v001.xml
27 | 
28 | .check-vocabulary.ttl: \
29 |   $(top_srcdir)/.lib.done.log \
30 |   vocabulary.ttl
31 | 	java -jar $(top_srcdir)/dependencies/UCO/lib/rdf-toolkit.jar \
32 | 	  --inline-blank-nodes \
33 | 	  --source vocabulary.ttl \
34 | 	  --source-format turtle \
35 | 	  --target _$@ \
36 | 	  --target-format turtle
37 | 	mv _$@ $@
38 | 
39 | catalog-v001.xml: \
40 |   $(top_srcdir)/.venv.done.log \
41 |   $(top_srcdir)/etc/domain_directories.tsv \
42 |   $(top_srcdir)/etc/dependency_files.tsv \
43 |   $(uco_srcdir)/ontology/uco/action/catalog-v001.xml \
44 |   $(uco_srcdir)/ontology/uco/role/catalog-v001.xml \
45 |   $(uco_srcdir)/src/create-catalog-v001.xml.py
46 | 	rm -f _$@
47 | 	source $(top_srcdir)/venv/bin/activate \
48 | 	  && python3 $(uco_srcdir)/src/create-catalog-v001.xml.py \
49 | 	    --catalog-xml $(uco_srcdir)/ontology/uco/action/catalog-v001.xml \
50 | 	    --catalog-xml $(uco_srcdir)/ontology/uco/role/catalog-v001.xml \
51 | 	    _$@ \
52 | 	    $(top_srcdir)/etc/domain_directories.tsv \
53 | 	    $(top_srcdir)/etc/dependency_files.tsv \
54 | 	    "$(top_srcdir)" \
55 | 	    $(ttl_basenames)
56 | 	mv _$@ $@
57 | 
58 | check: \
59 |   .check-vocabulary.ttl \
60 |   catalog-v001.xml
61 | 	diff vocabulary.ttl .check-vocabulary.ttl
62 | 
63 | clean:
64 | 	@rm -f \
65 | 	  .check-*.ttl \
66 | 	  _* \
67 | 	  catalog-v001.xml
68 | 


--------------------------------------------------------------------------------
/ontology/investigation/Makefile:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/make -f
 2 | 
 3 | # Portions of this file contributed by NIST are governed by the
 4 | # following statement:
 5 | #
 6 | # This software was developed at the National Institute of Standards
 7 | # and Technology by employees of the Federal Government in the course
 8 | # of their official duties. Pursuant to Title 17 Section 105 of the
 9 | # United States Code, this software is not subject to copyright
10 | # protection within the United States. NIST assumes no responsibility
11 | # whatsoever for its use by other parties, and makes no guarantees,
12 | # expressed or implied, about its quality, reliability, or any other
13 | # characteristic.
14 | #
15 | # We would appreciate acknowledgement if the software is used.
16 | 
17 | SHELL := /bin/bash
18 | 
19 | top_srcdir := ../..
20 | 
21 | uco_srcdir := $(top_srcdir)/dependencies/UCO
22 | 
23 | ttl_basenames := investigation.ttl
24 | 
25 | all: \
26 |   catalog-v001.xml
27 | 
28 | .check-investigation.ttl: \
29 |   $(top_srcdir)/.lib.done.log \
30 |   investigation.ttl
31 | 	java -jar $(top_srcdir)/dependencies/UCO/lib/rdf-toolkit.jar \
32 | 	  --inline-blank-nodes \
33 | 	  --source investigation.ttl \
34 | 	  --source-format turtle \
35 | 	  --target _$@ \
36 | 	  --target-format turtle
37 | 	mv _$@ $@
38 | 
39 | catalog-v001.xml: \
40 |   $(top_srcdir)/.venv.done.log \
41 |   $(top_srcdir)/etc/domain_directories.tsv \
42 |   $(top_srcdir)/etc/dependency_files.tsv \
43 |   $(uco_srcdir)/ontology/uco/action/catalog-v001.xml \
44 |   $(uco_srcdir)/ontology/uco/role/catalog-v001.xml \
45 |   $(uco_srcdir)/src/create-catalog-v001.xml.py
46 | 	rm -f _$@
47 | 	source $(top_srcdir)/venv/bin/activate \
48 | 	  && python3 $(uco_srcdir)/src/create-catalog-v001.xml.py \
49 | 	    --catalog-xml $(uco_srcdir)/ontology/uco/action/catalog-v001.xml \
50 | 	    --catalog-xml $(uco_srcdir)/ontology/uco/role/catalog-v001.xml \
51 | 	    _$@ \
52 | 	    $(top_srcdir)/etc/domain_directories.tsv \
53 | 	    $(top_srcdir)/etc/dependency_files.tsv \
54 | 	    "$(top_srcdir)" \
55 | 	    $(ttl_basenames)
56 | 	mv _$@ $@
57 | 
58 | check: \
59 |   .check-investigation.ttl \
60 |   catalog-v001.xml
61 | 	diff investigation.ttl .check-investigation.ttl
62 | 
63 | clean:
64 | 	@rm -f \
65 | 	  .check-*.ttl \
66 | 	  _* \
67 | 	  catalog-v001.xml
68 | 


--------------------------------------------------------------------------------
/tests/examples/investigative_action_PASS.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "@context": {
 3 |         "kb": "http://example.org/kb/",
 4 |         "case-investigation": "https://ontology.caseontology.org/case/investigation/",
 5 |         "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/",
 6 |         "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/",
 7 |         "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/",
 8 |         "xsd": "http://www.w3.org/2001/XMLSchema#"
 9 |     },
10 |     "@graph": [
11 |         {
12 |             "@id": "kb:file-1ef24857-e713-40ec-b325-b2561a4fcb3a",
13 |             "@type": [
14 |                 "uco-observable:File",
15 |                 "uco-observable:RasterPicture"
16 |             ],
17 |             "uco-core:description": "Screenshot of webpage",
18 |             "uco-core:hasFacet": [
19 |                 {
20 |                     "@id": "kb:file-facet-0e21a61a-3a68-490c-9e93-d456c227d14b",
21 |                     "@type": "uco-observable:FileFacet",
22 |                     "uco-observable:fileName": "screenshot-1.png",
23 |                     "uco-observable:sizeInBytes": 1234567
24 |                 },
25 |                 {
26 |                     "@id": "kb:raster-picture-facet-166f8489-cff6-4405-b977-be46dc4a1a88",
27 |                     "@type": "uco-observable:RasterPictureFacet",
28 |                     "uco-observable:pictureHeight": 1024,
29 |                     "uco-observable:pictureWidth": 768
30 |                 }
31 |             ]
32 |         },
33 |         {
34 |             "@id": "kb:investigative-action-45a85ed1-acd5-45be-aa78-891170bbd9b6",
35 |             "@type": "case-investigation:InvestigativeAction",
36 |             "uco-action:result": [
37 |                 {
38 |                     "@id": "kb:file-1ef24857-e713-40ec-b325-b2561a4fcb3a"
39 |                 },
40 |                 {
41 |                     "@id": "kb:provenance-record-9e807c8c-ad7e-41aa-bd60-1dc98cae25c7"
42 |                 }
43 |             ],
44 |             "uco-core:name": "Submit reference graphic"
45 |         },
46 |         {
47 |             "@id": "kb:provenance-record-9e807c8c-ad7e-41aa-bd60-1dc98cae25c7",
48 |             "@type": "case-investigation:ProvenanceRecord",
49 |             "case-investigation:exhibitNumber": "1",
50 |             "case-investigation:rootExhibitNumber": "1",
51 |             "uco-core:object": {
52 |                 "@id": "kb:file-1ef24857-e713-40ec-b325-b2561a4fcb3a"
53 |             }
54 |         }
55 |     ]
56 | }
57 | 


--------------------------------------------------------------------------------
/tests/examples/Makefile:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/make -f
 2 | 
 3 | # Portions of this file contributed by NIST are governed by the
 4 | # following statement:
 5 | #
 6 | # This software was developed at the National Institute of Standards
 7 | # and Technology by employees of the Federal Government in the course
 8 | # of their official duties. Pursuant to Title 17 Section 105 of the
 9 | # United States Code, this software is not subject to copyright
10 | # protection within the United States. NIST assumes no responsibility
11 | # whatsoever for its use by other parties, and makes no guarantees,
12 | # expressed or implied, about its quality, reliability, or any other
13 | # characteristic.
14 | #
15 | # We would appreciate acknowledgement if the software is used.
16 | 
17 | SHELL := /bin/bash
18 | 
19 | top_srcdir := $(shell cd ../.. ; pwd)
20 | 
21 | tests_srcdir := $(top_srcdir)/tests
22 | 
23 | all: \
24 |   investigative_action_PASS_validation.ttl \
25 |   investigative_action_XFAIL_validation.ttl
26 | 
27 | .PRECIOUS: \
28 |   %_validation.ttl
29 | 
30 | # NOTE - this recipe makes an allowance for a certain failure type
31 | # reported by pyshacl.  Pyshacl will exit status 1 in the case where
32 | # "DataGraph is Non-Conformant".  XFAIL tests are intended to
33 | # generate a non-conformance result, and feed that result forward to
34 | # pytest.  Hence, the Make recipe allows for an exit status of 0 or 1.
35 | # (0 would cause an expected failure later in pytest.)
36 | # Note that should another issue cause an exit status of 1, pytest will
37 | # fail because the result validation-graph file would not have expected
38 | # characteristics.
39 | %_validation.ttl: \
40 |   %.json \
41 |   $(tests_srcdir)/case_monolithic.ttl \
42 |   $(top_srcdir)/.venv.done.log
43 | 	source $(top_srcdir)/venv/bin/activate \
44 | 	  && pyshacl \
45 | 	    --data-file-format json-ld \
46 | 	    --format turtle \
47 | 	    --inference none \
48 | 	    --ont-file-format turtle \
49 | 	    --ont-graph $(tests_srcdir)/case_monolithic.ttl \
50 | 	    --shacl $(tests_srcdir)/case_monolithic.ttl \
51 | 	    --shacl-file-format turtle \
52 | 	    --output __$@ \
53 | 	    $< \
54 | 	    ; rc=$$? ; test 0 -eq $$rc -o 1 -eq $$rc
55 | 	java -jar $(top_srcdir)/dependencies/UCO/lib/rdf-toolkit.jar \
56 | 	  --inline-blank-nodes \
57 | 	  --source __$@ \
58 | 	  --source-format turtle \
59 | 	  --target _$@ \
60 | 	  --target-format turtle
61 | 	rm __$@
62 | 	mv _$@ $@
63 | 
64 | check: \
65 |   investigative_action_PASS_validation.ttl \
66 |   investigative_action_XFAIL_validation.ttl
67 | 	source $(top_srcdir)/venv/bin/activate \
68 | 	  && pytest \
69 | 	    --log-level=DEBUG
70 | 
71 | clean:
72 | 	@rm -f \
73 | 	  *_validation.ttl
74 | 


--------------------------------------------------------------------------------
/tests/examples/investigative_action_XFAIL.json:
--------------------------------------------------------------------------------
 1 | {
 2 |     "@context": {
 3 |         "kb": "http://example.org/kb/",
 4 |         "case-investigation": "https://ontology.caseontology.org/case/investigation/",
 5 |         "uco-action": "https://ontology.unifiedcyberontology.org/uco/action/",
 6 |         "uco-core": "https://ontology.unifiedcyberontology.org/uco/core/",
 7 |         "uco-observable": "https://ontology.unifiedcyberontology.org/uco/observable/",
 8 |         "xsd": "http://www.w3.org/2001/XMLSchema#"
 9 |     },
10 |     "@graph": [
11 |         {
12 |             "@id": "kb:file-9c9e20f9-e545-490f-bd3d-1fe230c18c0b",
13 |             "@type": [
14 |                 "uco-observable:File",
15 |                 "uco-observable:RasterPicture"
16 |             ],
17 |             "uco-core:description": "Screenshot of webpage",
18 |             "uco-core:hasFacet": [
19 |                 {
20 |                     "@id": "kb:file-facet-da204016-29ff-4d5e-a36f-ff75a9d3169b",
21 |                     "@type": "uco-observable:FileFacet",
22 |                     "uco-observable:fileName": "screenshot-1.png"
23 |                 },
24 |                 {
25 |                     "@id": "kb:raster-picture-facet-022af595-c417-47bf-b5f3-9a19ed3554bc",
26 |                     "@type": "uco-observable:RasterPictureFacet",
27 |                     "rdfs:comment": "The sizeInBytes property does not belong on this Facet.",
28 |                     "uco-observable:pictureHeight": 1024,
29 |                     "uco-observable:pictureWidth": 768,
30 |                     "uco-observable:sizeInBytes": 1234567
31 |                 }
32 |             ]
33 |         },
34 |         {
35 |             "@id": "kb:investigative-action-a6b22845-2d81-4d24-ac22-dec5139d027a",
36 |             "@type": "case-investigation:InvestigativeAction",
37 |             "uco-action:result": [
38 |                 {
39 |                     "@id": "kb:file-9c9e20f9-e545-490f-bd3d-1fe230c18c0b"
40 |                 },
41 |                 {
42 |                     "@id": "kb:provenance-record-f54f88ad-2659-4fba-8c3e-d96efa560fdf"
43 |                 }
44 |             ],
45 |             "uco-core:name": "Submit reference graphic"
46 |         },
47 |         {
48 |             "@id": "kb:provenance-record-f54f88ad-2659-4fba-8c3e-d96efa560fdf",
49 |             "@type": "case-investigation:ProvenanceRecord",
50 |             "rdfs:comment": "The exhibitNumber and rootExhibitNumber properties are errantly integers here, instead of strings.",
51 |             "case-investigation:exhibitNumber": 1,
52 |             "case-investigation:rootExhibitNumber": 1,
53 |             "uco-core:object": {
54 |                 "@id": "kb:file-9c9e20f9-e545-490f-bd3d-1fe230c18c0b"
55 |             }
56 |         }
57 |     ]
58 | }
59 | 


--------------------------------------------------------------------------------
/tests/test_case_monolithic.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python3
 2 | 
 3 | # Portions of this file contributed by NIST are governed by the
 4 | # following statement:
 5 | #
 6 | # This software was developed at the National Institute of Standards
 7 | # and Technology by employees of the Federal Government in the course
 8 | # of their official duties. Pursuant to Title 17 Section 105 of the
 9 | # United States Code, this software is not subject to copyright
10 | # protection within the United States. NIST assumes no responsibility
11 | # whatsoever for its use by other parties, and makes no guarantees,
12 | # expressed or implied, about its quality, reliability, or any other
13 | # characteristic.
14 | #
15 | # We would appreciate acknowledgement if the software is used.
16 | 
17 | import os
18 | from typing import Generator, Optional, Set
19 | 
20 | import pytest
21 | from rdflib import Graph, Namespace, OWL, RDF, RDFS, SH, URIRef
22 | 
23 | 
24 | @pytest.fixture(scope="module")
25 | def graph() -> Generator[Graph, None, None]:
26 |     graph = Graph()
27 |     graph.parse(os.path.join(os.path.dirname(__file__), "case_monolithic.ttl"))
28 |     assert len(graph) > 0, "Failed to load case_monolithic.ttl."
29 |     yield graph
30 | 
31 | 
32 | def test_rdf_design_vocabularies_defined(graph: Graph) -> None:
33 |     """
34 |     (This test is copied verbatim from UCO.  Alternative methods of
35 |     importing the review from UCO are welcome.)
36 | 
37 |     This test performs a typo review of RDF-, RDFS-, and OWL-namespaced concepts.
38 | 
39 |     The mechanism used is rdflib's ClosedNamespace.  The imported
40 |     objects RDF, RDFS, and OWL are instances of this Python class.
41 |     """
42 | 
43 |     expected: Set[URIRef] = set()  # This set is intentionally empty.
44 |     computed: Set[URIRef] = set()
45 | 
46 |     concepts_used: Set[URIRef] = set()
47 |     for triple in graph.triples((None, None, None)):
48 |         for triple_member in triple:
49 |             if not isinstance(triple_member, URIRef):
50 |                 continue
51 |             concepts_used.add(triple_member)
52 | 
53 |     OWL_str = str(OWL)
54 |     RDF_str = str(RDF)
55 |     RDFS_str = str(RDFS)
56 |     SH_str = str(SH)
57 | 
58 |     def _concept_in_design_vocabulary(concept: URIRef) -> Optional[bool]:
59 |         """
60 |         Return True -> Concept is defined in some design vocabulary.
61 |         Return False -> Concept is not defined in design vocabulary.
62 |         Return None -> N/A.
63 |         """
64 |         design_vocabulary: Namespace
65 |         if concept.startswith(OWL_str):
66 |             concept_fragment = concept.replace(OWL_str, "")
67 |             design_vocabulary = OWL
68 |         elif concept.startswith(RDF_str):
69 |             concept_fragment = concept.replace(RDF_str, "")
70 |             design_vocabulary = RDF
71 |         elif concept.startswith(RDFS_str):
72 |             concept_fragment = concept.replace(RDFS_str, "")
73 |             design_vocabulary = RDFS
74 |         elif concept.startswith(SH_str):
75 |             concept_fragment = concept.replace(SH_str, "")
76 |             design_vocabulary = SH
77 |         else:
78 |             return None
79 | 
80 |         try:
81 |             _ = design_vocabulary[concept_fragment]
82 |         except AttributeError:
83 |             return False
84 | 
85 |     assert (
86 |         _concept_in_design_vocabulary(
87 |             URIRef(
88 |                 "http://www.w3.org/2002/07/owl#NonExistentConcept-f287fb8b-433b-45a2-82b8-9b53bfa35c64"
89 |             )
90 |         )
91 |         is False
92 |     ), "ClosedNamespace functionality used in this test did not detect a known-erroneous value.  This test needs revising."
93 | 
94 |     for concept_used in concepts_used:
95 |         if _concept_in_design_vocabulary(concept_used) is False:
96 |             computed.add(concept_used)
97 | 
98 |     assert expected == computed
99 | 


--------------------------------------------------------------------------------
/ontology/master/catalog-v001.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 2 | <catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog" prefer="public">
 3 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/dependencies/collections-ontology/collections.owl" name="http://purl.org/co"/>
 4 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/dependencies/error/docs/current/error.ttl" name="http://purl.org/spar/error"/>
 5 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/co/co.ttl" name="https://ontology.unifiedcyberontology.org/co/1.4.0"/>
 6 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/owl/owl.ttl" name="https://ontology.unifiedcyberontology.org/owl/1.4.0"/>
 7 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/action/action.ttl" name="https://ontology.unifiedcyberontology.org/uco/action/1.4.0"/>
 8 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/analysis/analysis.ttl" name="https://ontology.unifiedcyberontology.org/uco/analysis/1.4.0"/>
 9 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/configuration/configuration.ttl" name="https://ontology.unifiedcyberontology.org/uco/configuration/1.4.0"/>
10 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/core/core.ttl" name="https://ontology.unifiedcyberontology.org/uco/core/1.4.0"/>
11 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/identity/identity.ttl" name="https://ontology.unifiedcyberontology.org/uco/identity/1.4.0"/>
12 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/location/location.ttl" name="https://ontology.unifiedcyberontology.org/uco/location/1.4.0"/>
13 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/marking/marking.ttl" name="https://ontology.unifiedcyberontology.org/uco/marking/1.4.0"/>
14 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/master/uco.ttl" name="https://ontology.unifiedcyberontology.org/uco/uco/1.4.0"/>
15 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/observable/observable.ttl" name="https://ontology.unifiedcyberontology.org/uco/observable/1.4.0"/>
16 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/pattern/pattern.ttl" name="https://ontology.unifiedcyberontology.org/uco/pattern/1.4.0"/>
17 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/role/role.ttl" name="https://ontology.unifiedcyberontology.org/uco/role/1.4.0"/>
18 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/time/time.ttl" name="https://ontology.unifiedcyberontology.org/uco/time/1.4.0"/>
19 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/tool/tool.ttl" name="https://ontology.unifiedcyberontology.org/uco/tool/1.4.0"/>
20 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/types/types.ttl" name="https://ontology.unifiedcyberontology.org/uco/types/1.4.0"/>
21 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/victim/victim.ttl" name="https://ontology.unifiedcyberontology.org/uco/victim/1.4.0"/>
22 |     <uri id="User Entered Import Resolution" uri="../../dependencies/UCO/ontology/uco/vocabulary/vocabulary.ttl" name="https://ontology.unifiedcyberontology.org/uco/vocabulary/1.4.0"/>
23 |     <uri id="User Entered Import Resolution" uri="../investigation/investigation.ttl" name="https://ontology.caseontology.org/case/investigation/1.4.0"/>
24 |     <uri id="User Entered Import Resolution" uri="../vocabulary/vocabulary.ttl" name="https://ontology.caseontology.org/case/vocabulary/1.4.0"/>
25 |     <uri id="User Entered Import Resolution" uri="case.ttl" name="https://ontology.caseontology.org/case/case"/>
26 | </catalog>
27 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/make -f
  2 | 
  3 | # Portions of this file contributed by NIST are governed by the
  4 | # following statement:
  5 | #
  6 | # This software was developed at the National Institute of Standards
  7 | # and Technology by employees of the Federal Government in the course
  8 | # of their official duties. Pursuant to Title 17 Section 105 of the
  9 | # United States Code, this software is not subject to copyright
 10 | # protection within the United States. NIST assumes no responsibility
 11 | # whatsoever for its use by other parties, and makes no guarantees,
 12 | # expressed or implied, about its quality, reliability, or any other
 13 | # characteristic.
 14 | #
 15 | # We would appreciate acknowledgement if the software is used.
 16 | 
 17 | SHELL := /bin/bash
 18 | 
 19 | PYTHON3 ?= $(shell which python3)
 20 | 
 21 | all: \
 22 |   .venv.done.log
 23 | 	$(MAKE) \
 24 | 	  --directory ontology
 25 | 
 26 | # This recipe guarantees that 'git submodule init' and 'git submodule update' have run at least once.
 27 | # The recipe avoids running 'git submodule update' more than once, in case a user is testing with the submodule at a different commit than what CASE tracks.
 28 | .git_submodule_init.done.log: \
 29 |   .gitmodules
 30 | 	# UCO
 31 | 	test -r dependencies/UCO/README.md \
 32 | 	  || (git submodule init dependencies/UCO && git submodule update dependencies/UCO)
 33 | 	@test -r dependencies/UCO/README.md \
 34 | 	  || (echo "ERROR:Makefile:UCO submodule README.md file not found, even though that submodule is initialized." >&2 ; exit 2)
 35 | 	$(MAKE) \
 36 | 	  --directory dependencies/UCO \
 37 | 	  .git_submodule_init.done.log
 38 | 	touch $@
 39 | 
 40 | .lib.done.log: \
 41 |   .git_submodule_init.done.log
 42 | 	$(MAKE) \
 43 | 	  --directory dependencies/UCO \
 44 | 	  .lib.done.log
 45 | 	touch $@
 46 | 
 47 | # The two CASE-Utility... files are to trigger rebuilds based on command-line interface changes or version increments.
 48 | .venv.done.log: \
 49 |   dependencies/UCO/dependencies/CASE-Utility-SHACL-Inheritance-Reviewer/case_shacl_inheritance_reviewer/__init__.py \
 50 |   dependencies/UCO/dependencies/CASE-Utility-SHACL-Inheritance-Reviewer/setup.cfg \
 51 |   dependencies/UCO/requirements.txt
 52 | 	rm -rf venv
 53 | 	$(PYTHON3) -m venv \
 54 | 	  venv
 55 | 	source venv/bin/activate \
 56 | 	  && pip install \
 57 | 	    --upgrade \
 58 | 	    pip \
 59 | 	    setuptools \
 60 | 	    wheel
 61 | 	source venv/bin/activate \
 62 | 	  && pip install \
 63 | 	    dependencies/UCO/dependencies/CASE-Utility-SHACL-Inheritance-Reviewer
 64 | 	source venv/bin/activate \
 65 | 	  && pip install \
 66 | 	    --requirement dependencies/UCO/requirements.txt
 67 | 	touch $@
 68 | 
 69 | check: \
 70 |   .lib.done.log \
 71 |   .venv.done.log
 72 | 	$(MAKE) \
 73 | 	  --directory ontology \
 74 | 	  check
 75 | 	$(MAKE) \
 76 | 	  PYTHON3=$(PYTHON3) \
 77 | 	  --directory tests \
 78 | 	  check
 79 | 
 80 | clean:
 81 | 	@$(MAKE) \
 82 | 	  --directory tests \
 83 | 	  clean
 84 | 	@$(MAKE) \
 85 | 	  --directory ontology \
 86 | 	  clean
 87 | 	@test ! -r dependencies/UCO/README.md \
 88 | 	  || $(MAKE) \
 89 | 	    --directory dependencies/UCO \
 90 | 	    clean
 91 | 	@# Restore UCO validation output files that do not affect CASE build process.
 92 | 	@test ! -r dependencies/UCO/README.md \
 93 | 	  || ( \
 94 | 	    cd dependencies/UCO \
 95 | 	      && git checkout \
 96 | 	        -- \
 97 | 	        tests/examples \
 98 | 	        || true \
 99 | 	  )
100 | 	@rm -f \
101 | 	  .*.done.log
102 | 	@rm -rf \
103 | 	  venv
104 | 
105 | # This recipe maintains timestamp order.
106 | # The target file creation is handled by recursive initialization done
107 | # in the recipe for .git_submodule_init.done.log.
108 | dependencies/UCO/dependencies/CASE-Utility-SHACL-Inheritance-Reviewer/case_shacl_inheritance_reviewer/__init__.py: \
109 |   .git_submodule_init.done.log
110 | 	test -r $@
111 | 	touch -c $@
112 | 
113 | # This recipe maintains timestamp order.
114 | # The target file creation is handled by recursive initialization done
115 | # in the recipe for .git_submodule_init.done.log.
116 | dependencies/UCO/dependencies/CASE-Utility-SHACL-Inheritance-Reviewer/setup.cfg: \
117 |   .git_submodule_init.done.log
118 | 	test -r $@
119 | 	touch -c $@
120 | 
121 | # This recipe maintains timestamp order.
122 | # The target file creation is handled by initialization done in the
123 | # recipe for .git_submodule_init.done.log.
124 | dependencies/UCO/requirements.txt: \
125 |   .git_submodule_init.done.log
126 | 	test -r $@
127 | 	touch -c $@
128 | 


--------------------------------------------------------------------------------
/tests/Makefile:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/make -f
  2 | 
  3 | # Portions of this file contributed by NIST are governed by the
  4 | # following statement:
  5 | #
  6 | # This software was developed at the National Institute of Standards
  7 | # and Technology by employees of the Federal Government in the course
  8 | # of their official duties. Pursuant to Title 17 Section 105 of the
  9 | # United States Code, this software is not subject to copyright
 10 | # protection within the United States. NIST assumes no responsibility
 11 | # whatsoever for its use by other parties, and makes no guarantees,
 12 | # expressed or implied, about its quality, reliability, or any other
 13 | # characteristic.
 14 | #
 15 | # We would appreciate acknowledgement if the software is used.
 16 | 
 17 | SHELL := /bin/bash
 18 | 
 19 | top_srcdir := $(shell cd .. ; pwd)
 20 | 
 21 | case_turtle_files := $(shell /bin/ls $(top_srcdir)/ontology/*/*.ttl)
 22 | uco_turtle_files := $(shell /bin/ls $(top_srcdir)/dependencies/UCO/ontology/*/*.ttl $(top_srcdir)/dependencies/UCO/ontology/*/*/*.ttl)
 23 | 
 24 | uco_imported_ontology_files := \
 25 |   $(top_srcdir)/dependencies/UCO/dependencies/collections-ontology/collections.owl \
 26 |   $(top_srcdir)/dependencies/UCO/dependencies/error/docs/current/error.owl
 27 | 
 28 | all:
 29 | 
 30 | # Ensure the CASE-internal shapes pass their own tests.
 31 | .shapes.done.log: \
 32 |   $(top_srcdir)/.venv.done.log \
 33 |   shapes/case-qc.ttl
 34 | 	$(MAKE) \
 35 | 	  --directory shapes \
 36 | 	  check
 37 | 	touch $@
 38 | 
 39 | case_monolithic.ttl: \
 40 |   $(top_srcdir)/.lib.done.log \
 41 |   $(top_srcdir)/dependencies/UCO/tests/thing.ttl \
 42 |   $(case_turtle_files) \
 43 |   $(uco_turtle_files) \
 44 |   .shapes.done.log
 45 | 	source $(top_srcdir)/venv/bin/activate \
 46 | 	  && rdfpipe \
 47 | 	    --output-format turtle \
 48 | 	    $(case_turtle_files) \
 49 | 	    $(uco_turtle_files) \
 50 | 	    > __$@
 51 | 	# Review CASE closure for versioning consistency.
 52 | 	source $(top_srcdir)/venv/bin/activate \
 53 |           && rdfpipe \
 54 | 	  __$@ \
 55 | 	  $(imported_ontology_files) \
 56 | 	  > ___$@
 57 | 	source $(top_srcdir)/venv/bin/activate \
 58 | 	  && pyshacl \
 59 | 	    --data-file-format turtle \
 60 | 	    --format turtle \
 61 | 	    --inference none \
 62 | 	    --shacl $(top_srcdir)/dependencies/UCO/tests/shapes/uco-closure-qc.ttl \
 63 | 	    --shacl-file-format turtle \
 64 | 	    ___$@
 65 | 	# Review CASE closure with SHACL-SHACL.
 66 | 	source $(top_srcdir)/venv/bin/activate \
 67 | 	  && pyshacl \
 68 | 	    --data-file-format turtle \
 69 | 	    --format turtle \
 70 | 	    --inference none \
 71 | 	    --metashacl \
 72 | 	    --shacl ___$@ \
 73 | 	    --shacl-file-format turtle \
 74 | 	    $(top_srcdir)/dependencies/UCO/tests/thing.ttl
 75 | 	# Closure tests have passed; remove closure file.
 76 | 	rm ___$@
 77 | 	# Review CASE for practice conformance.
 78 | 	source $(top_srcdir)/venv/bin/activate \
 79 | 	  && pyshacl \
 80 | 	    --data-file-format turtle \
 81 | 	    --format turtle \
 82 | 	    --inference none \
 83 | 	    --shacl $(top_srcdir)/dependencies/UCO/tests/shapes/uco-qc.ttl \
 84 | 	    --shacl-file-format turtle \
 85 | 	    __$@
 86 | 	source $(top_srcdir)/venv/bin/activate \
 87 | 	  && pyshacl \
 88 | 	    --data-file-format turtle \
 89 | 	    --format turtle \
 90 | 	    --inference none \
 91 | 	    --shacl shapes/case-qc.ttl \
 92 | 	    --shacl-file-format turtle \
 93 | 	    __$@
 94 | 	# Review CASE for OWL 2 DL conformance.
 95 | 	source $(top_srcdir)/venv/bin/activate \
 96 | 	  && pyshacl \
 97 | 	    --data-file-format turtle \
 98 | 	    --format turtle \
 99 | 	    --inference none \
100 | 	    --shacl $(top_srcdir)/dependencies/UCO/ontology/owl/owl.ttl \
101 | 	    --shacl-file-format turtle \
102 | 	    __$@
103 | 	java -jar $(top_srcdir)/dependencies/UCO/lib/rdf-toolkit.jar \
104 | 	  --inline-blank-nodes \
105 | 	  --source __$@ \
106 | 	  --source-format turtle \
107 | 	  --target _$@ \
108 | 	  --target-format turtle
109 | 	rm __$@
110 | 	mv _$@ $@
111 | 
112 | # Note these recipe dependencies are ordered to build the faster inheritance review first.
113 | check: \
114 |   inheritance_review.ttl \
115 |   case_monolithic.ttl
116 | 	source $(top_srcdir)/venv/bin/activate \
117 | 	  && pytest \
118 | 	    --ignore examples \
119 | 	    --log-level=DEBUG
120 | 	$(MAKE) \
121 | 	  --directory examples \
122 | 	  check
123 | 
124 | clean:
125 | 	@$(MAKE) \
126 | 	  --directory examples \
127 | 	  clean
128 | 	@rm -f \
129 | 	  .*.done.log \
130 | 	  case_monolithic.ttl
131 | 
132 | inheritance_review.ttl: \
133 |   $(case_turtle_files) \
134 |   $(uco_turtle_files) \
135 |   $(top_srcdir)/.venv.done.log
136 | 	rm -f _$@
137 | 	source $(top_srcdir)/venv/bin/activate \
138 | 	  && case_shacl_inheritance_reviewer \
139 | 	    --strict \
140 | 	    _$@ \
141 | 	    $(case_turtle_files) \
142 | 	    $(uco_turtle_files) \
143 | 	    || (cat _$@ && exit 1)
144 | 	mv _$@ $@
145 | 


--------------------------------------------------------------------------------
/tests/examples/test_validation.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python3
  2 | 
  3 | # Portions of this file contributed by NIST are governed by the
  4 | # following statement:
  5 | #
  6 | # This software was developed at the National Institute of Standards
  7 | # and Technology by employees of the Federal Government in the course
  8 | # of their official duties. Pursuant to Title 17 Section 105 of the
  9 | # United States Code, this software is not subject to copyright
 10 | # protection within the United States. NIST assumes no responsibility
 11 | # whatsoever for its use by other parties, and makes no guarantees,
 12 | # expressed or implied, about its quality, reliability, or any other
 13 | # characteristic.
 14 | #
 15 | # We would appreciate acknowledgement if the software is used.
 16 | 
 17 | """
 18 | Tests in this file confirm that the JSON-LD files with "PASS" in the
 19 | name pass SHACL validation, and JSON-LD files with "XFAIL" in the name
 20 | not only fail SHACL validation, but also report a set of properties used
 21 | in their JSON-LD that triggered SHACL validation errors.
 22 | 
 23 | This test was written to be called with the pytest framework, expecting
 24 | the only functions to be called to be named "test_*".
 25 | """
 26 | 
 27 | import logging
 28 | from typing import Set
 29 | 
 30 | import pytest
 31 | import rdflib.plugins.sparql  # type: ignore
 32 | 
 33 | NS_CASE_INVESTIGATION = rdflib.Namespace("https://ontology.caseontology.org/case/investigation/")
 34 | NS_SH = rdflib.SH
 35 | NS_UCO_ACTION = rdflib.Namespace("https://ontology.unifiedcyberontology.org/uco/action/")
 36 | NS_UCO_CORE = rdflib.Namespace("https://ontology.unifiedcyberontology.org/uco/core/")
 37 | NS_UCO_LOCATION = rdflib.Namespace("https://ontology.unifiedcyberontology.org/uco/location/")
 38 | NS_UCO_OBSERVABLE = rdflib.Namespace("https://ontology.unifiedcyberontology.org/uco/observable/")
 39 | 
 40 | NSDICT = {"sh": NS_SH}
 41 | 
 42 | def load_validation_graph(
 43 |   filename : str,
 44 |   expected_conformance : bool
 45 | ) -> rdflib.Graph:
 46 |     g = rdflib.Graph()
 47 |     g.parse(filename, format="turtle")
 48 |     g.namespace_manager.bind("sh", NS_SH)
 49 | 
 50 |     query = rdflib.plugins.sparql.prepareQuery("""\
 51 | SELECT ?lConforms
 52 | WHERE {
 53 |   ?nReport
 54 |     a sh:ValidationReport ;
 55 |     sh:conforms ?lConforms ;
 56 |     .
 57 | }
 58 | """, initNs=NSDICT)
 59 | 
 60 |     computed_conformance = None
 61 |     for result in g.query(query):
 62 |         (l_conforms,) = result
 63 |         computed_conformance = bool(l_conforms)
 64 |     assert expected_conformance == computed_conformance
 65 |     return g
 66 | 
 67 | def confirm_validation_errors(
 68 |   filename : str,
 69 |   expected_error_iris : Set[str]
 70 | ) -> None:
 71 |     g = load_validation_graph(filename, False)
 72 | 
 73 |     computed_error_iris = set()
 74 | 
 75 |     query = rdflib.plugins.sparql.prepareQuery("""\
 76 | SELECT DISTINCT ?nResultPath
 77 | WHERE {
 78 |   ?nReport
 79 |     a sh:ValidationReport ;
 80 |     sh:result ?nValidationResult ;
 81 |     .
 82 | 
 83 |   ?nValidationResult
 84 |     a sh:ValidationResult ;
 85 |     sh:resultPath ?nResultPath ;
 86 |     .
 87 | }
 88 | """, initNs=NSDICT)
 89 | 
 90 |     for result in g.query(query):
 91 |         (n_result_path,) = result
 92 |         computed_error_iris.add(str(n_result_path))
 93 | 
 94 |     try:
 95 |         assert expected_error_iris == computed_error_iris
 96 |     except:
 97 |         logging.error("Please review %s and its associated .json file to identify the ground truth validation error mismatch pertaining to data properties noted in this function.", filename)
 98 |         raise
 99 | 
100 | def test_investigative_action_PASS_validation() -> None:
101 |     """
102 |     Confirm the PASS instance data passes validation.
103 |     """
104 |     g = load_validation_graph("investigative_action_PASS_validation.ttl", True)
105 |     assert isinstance(g, rdflib.Graph)
106 | 
107 | @pytest.mark.xfail(strict=True)
108 | def test_investigative_action_XFAIL_validation_XPASS_wrong_property_placement() -> None:
109 |     """
110 |     Report the XFAIL instance data XPASSes one of the induced errors - the property uco-observable:sizeInBytes is not reported as an error.
111 |     Should a SHACL mechanism later be identified to detect this error, this test can be retired, adding NS_UCO_OBSERVABLE.sizeInBytes to the expected IRI set in test_investigative_action_XFAIL_validation().
112 |     """
113 |     confirm_validation_errors(
114 |       "investigative_action_XFAIL_validation.ttl",
115 |       {
116 |         str(NS_UCO_OBSERVABLE.sizeInBytes)
117 |       }
118 |     )
119 | 
120 | def test_investigative_action_XFAIL_validation() -> None:
121 |     """
122 |     Confirm the XFAIL instance data fails validation based on an expected set of properties not conforming to shape constraints.
123 |     """
124 |     confirm_validation_errors(
125 |       "investigative_action_XFAIL_validation.ttl",
126 |       {
127 |         str(NS_CASE_INVESTIGATION.exhibitNumber),
128 |         str(NS_CASE_INVESTIGATION.rootExhibitNumber)
129 |       }
130 |     )
131 | 


--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/change-request.md:
--------------------------------------------------------------------------------
  1 | ---
  2 | name: Change Request
  3 | about: Propose a Change Request.
  4 | title: ''
  5 | labels: change request
  6 | assignees: ''
  7 | ---
  8 | 
  9 | <!--
 10 | Note that text between the HTML comments will be recorded in this issue's source for future editing, but will not render on Github.  So, please delete whatever portion of these comments you do not use.
 11 | 
 12 | Also, the Description box of the Issue you file will be edited at one or more points.  At least one edit will be done by a member of the Ontology Committee leadership to add a coordination-steps checklist.  Comment edit history is viewable:
 13 | https://docs.github.com/en/communities/moderating-comments-and-conversations/tracking-changes-in-a-comment
 14 | -->
 15 | 
 16 | # Background
 17 | 
 18 | <!--
 19 | Give any background you find helpful, if you feel jumping straight to listing requirements might not flow well to a reader.  For instance, if revising a current implementation, explain what that implementation does and why it seems worth changing to you.
 20 | 
 21 | It is helpful to at least provide a one-sentence comprehensive answer to the question "What do we achieve for whom and why does that matter?"
 22 | -->
 23 | 
 24 | 
 25 | # Requirements
 26 | 
 27 | <!--Please provide one requirement per subsection.  (The use of sections is for linking to headers on Github.)-->
 28 | 
 29 | 
 30 | ## Requirement 1
 31 | 
 32 | 
 33 | ## Requirement 2
 34 | 
 35 | 
 36 | # Risk / Benefit analysis
 37 | 
 38 | 
 39 | ## Benefits
 40 | 
 41 | 
 42 | ## Risks
 43 | 
 44 | <!--
 45 | If no risks are known, "The submitter is unaware of risks associated with this change" might suffice.
 46 | 
 47 | Risks should include consequences for CDO resources (ontologies, documentation, and/or tooling) resulting from this Change Request.  Consequences can relate to impediments or degradations to functionality, interoperability, reliability, usability, efficiency, maintainability or portability.
 48 | 
 49 | As risks are identified (e.g. as implementation-testing might reveal), they will be added to this section.
 50 | -->
 51 | 
 52 | 
 53 | # Competencies demonstrated
 54 | 
 55 | <!--
 56 | Please describe at least one enabled or upgraded competency, e.g. a competency question (CQ) you can answer with this proposal that you couldn't answer before. Probably, in order to show how the resulting answer emerges, some narrative or scenario is required to be described. As a minimum, describe the questions and resulting answers in English; optionally, include a SPARQL query or a link to a functioning draft implementation of this proposal that includes a SPARQL query.
 57 | 
 58 | Please do consider a scenario that can have ground truth positive and ground truth negative encoded for implementation testing.  For instance, a scenario for CASE that exercises the uco-action:instrument property could be "Three picture files were produced on an analyst's workstation over the course of an investigation."  A competency question for this scenario could be "Which picture files were taken from the evidence, vs. taken of the evidence?"  The results would be "From reviewing the investigative actions in the chain of custody, picture files generated when the instrument was the analyst's camera would be 'taken of', while picture files generated when the instrument was a data extraction kiosk would be 'taken from.'"
 59 | -->
 60 | 
 61 | 
 62 | ## Competency 1
 63 | 
 64 | <!--
 65 | Include competency narrative or scenario text here, as the preamble to the questions.
 66 | -->
 67 | 
 68 | 
 69 | ### Competency Question 1.1
 70 | 
 71 | 
 72 | #### Result 1.1
 73 | 
 74 | 
 75 | ### Competency Question 1.2
 76 | 
 77 | <!--
 78 | One scenario setup can fuel multiple questions.  To help with linking on Github, please use section numbering.
 79 | -->
 80 | 
 81 | 
 82 | #### Result 1.2
 83 | 
 84 | 
 85 | # Solution suggestion
 86 | 
 87 | <!--
 88 | If possible, please summarize the concrete steps to take to satisfy the requirements, e.g.:
 89 | * Define new property
 90 | * Add unit test showing potential errors in property usage and how to avoid them
 91 | 
 92 | To assist with voting, the Ontology Committee should see a summary of intended changes as early as possible.  Please do summarize steps and effects, even if a Pull Request accompanies the Issue.  Discovery of effects from implementation review can lead to disruption in the committee review flow.
 93 | 
 94 | Some requirements are narrow enough they could be considered "Self-documenting."  One way to estimate if this is true is if a lone Git commit could have the requirement as a title, have no further message text, and be comprehensible.  In such cases, the following text could be used (though please cut the leading "> " if this line is used):
 95 | 
 96 | > Requirement 1 also fully describes the solution, implemented in [PR X](https://github.com/ucoProject/UCO/pull/X).
 97 | 
 98 | If there is an accompanying pull request, please do link it under the "Development" box on the right of the Issues page.
 99 | 
100 | If example snippets of instance data are provided, please note if you provide permission for the examples to be transcribed to one of the tested example repositories (such as CASE-Examples).  This is a significant aid in confirming examples represent the semantics that the submitter intended.  "I am fine with my examples being transcribed and credited" should be sufficient.
101 | -->
102 | 


--------------------------------------------------------------------------------
/ChangeLog:
--------------------------------------------------------------------------------
  1 | 2025-03-18
  2 | 	* (7ecdaf4) UCO Issue 629: Revise vocabulary pattern
  3 | 
  4 | 2025-02-13
  5 | 	* (256b474) UCO Issue 640: Add `core:informalType` and link as parent of type-describing properties
  6 | 
  7 | 2024-12-19
  8 | 	* (a0a62e9) Issue 167: Adjust top Makefile dependency ordering in submodule initialization
  9 | 
 10 | 2024-11-23
 11 | 	* (b5720af) UCO Issue 624: Add cpeid to DeviceFacet
 12 | 
 13 | 2024-11-08
 14 | 	* (96d45fb) UCO Issue 632: Prepare OperatingSystem to become a subclass of Software
 15 | 	* (f759e47) Pull Request 164: Update NIST licensing text 
 16 | 	* (2eb3991) UCO Pull Request 642: Update NIST licensing text 
 17 | 
 18 | 2024-11-07
 19 | 	* (820d63d) UCO Pull Request 639: Bump GitHub Action versions
 20 | 	* (cc5535e) UCO Pull Request 638: Refresh validation files to reflect validation tool template updates
 21 | 
 22 | 2024-10-18
 23 | 	* (557269c) UCO Issue 593: Remove owl:onDatatype from vocabulary definitions
 24 | 
 25 | 2024-10-16
 26 | 	* (8a353f8) UCO Issue 612: Warn if a `Disk` instance is not also a `StorageMedium`
 27 | 
 28 | 2024-09-11
 29 | 	* (8ba5929) UCO Issue 549: Add `core:objectStatus`
 30 | 
 31 | 2024-07-26
 32 | 	* (b93add7) UCO Issue 602: Warn about key-uniqueness enforcement to `types:Dictionary`
 33 | 
 34 | 2024-06-18
 35 | 	* (0d409cc) UCO Issue 609: Fix typo
 36 | 
 37 | 2024-06-10
 38 | 	* (5cf57b7) UCO Issues 586, 590: Warn of prior disjointedness declarations in `core:` and `types:`; warn if an `AlternateDataStream` instance is not also a `FileSystemObject`
 39 | 
 40 | 2024-05-01
 41 | 	* (50eb05b) UCO Issues 573, 584, 599: Warn if target or source on an `ObservableRelationship` are not `Observable`s; replace errant reference to non-existent concept `owl:Datatype`; remove 1-member minimum on `core:ContextualCompilation`
 42 | 
 43 | 2024-01-24
 44 | 	* OCCASE-495: Release CASE 1.3.0, with release notes at https://caseontology.org/releases/1.3.0/
 45 | 
 46 | 2024-01-24
 47 | 	* (79afa93) UCO Pull Request 579: Update change request template
 48 | 
 49 | 2024-01-22
 50 | 	* (caf5bd3) UCO Issue 571: Reduce UCO OWL RDF List review scope to OWL Sequences
 51 | 
 52 | 2023-12-05
 53 | 	* (279d2b7) UCO Issue 563: Designate action:Action and core:Event disjoint
 54 | 
 55 | 2023-11-16
 56 | 	* (24ea57f) UCO Issue 541: Add Event
 57 | 
 58 | 2023-10-20
 59 | 	* (8c8fa59) UCO Issue 536: Declare and warn of observable:File and :URL disjointedness
 60 | 
 61 | 2023-03-29
 62 | 	* ONT-494: Release CASE 1.2.0, with release notes at https://caseontology.org/releases/1.2.0/
 63 | 
 64 | 2023-03-28
 65 | 	* (0cb7b85) UCO Issue 449: Enable generating Protégé catalog files
 66 | 
 67 | 2022-11-22
 68 | 	* ONT-491: Release CASE 1.1.0, with release notes at https://caseontology.org/releases/1.1.0/
 69 | 
 70 | 2022-11-18
 71 | 	* (9922288) Issue 119: Test for concept-membership of used design vocabularies
 72 | 	* (137fff8) UCO Issue 491: Bump UCO to remove owl:ontologyIRI concept review
 73 | 	* (48e9d58) UCO Issue 493: Trigger CI on all branches starting with "develop" and "unstable"
 74 | 	* (ae27b42) UCO Issue 504: Test monolithic build with SHACL-SHACL
 75 | 
 76 | 2022-08-31
 77 | 	* ONT-295: Release CASE 1.0.0, with release notes at https://caseontology.org/releases/1.0.0/
 78 | 	* (761b058): Adopt UCO 1.0.0
 79 | 	* (40c4ba1): UCO Issue 430: Require non-blank nodes in graph data
 80 | 	* (33a0c3e): UCO Issue 437: Adopt priorVersion practice prepared for UCO 1.0.0
 81 | 	* ONT-410: Release CASE 0.7.1, with release notes at https://caseontology.org/releases/0.7.1/
 82 | 	* (5b8c03f): UCO Issue 437: Adopt UCO 0.9.1
 83 | 	* (e673017): UCO OC-217, CP-107: Revise ontology IRI to be slash-based and drop IRI base
 84 | 	* (0e7337e): UCO Issue 437: Adopt versionIRI practice prepared for UCO 0.9.1
 85 | 
 86 | 2022-08-30
 87 | 	* (d9db048): CASE Issue 106: Removed legacy requirements.txt
 88 | 
 89 | 2022-08-23
 90 | 	* (25bc31e): CASE Issue 98: Change minCount from 1 to 0 on multiple properties on Investigation object
 91 | 	* (8c4322c): ONT-467: Vocabulary datatypes are OWL-syntactically incomplete (Fix OWL syntax of CASE datatype)
 92 | 
 93 | 2022-08-22
 94 | 	* (52834ea): UCO Issue 406: UCO should perform OWL 2 DL review with SHACL-SPARQL
 95 | 	* (cd82078): UCO OC-217, CP-107: Revise ontology IRI to be slash-based and drop IRI base 
 96 | 	* (4f4731f): UCO Issue 387: Adapt for UCO files being under different directories
 97 | 	* (a495369): UCO CP-100: Apply semi-open vocabulary patterns
 98 | 	* (2a5af00): UCO Issue 424: Replace UCO glom_graph.py reference with rdfpipe
 99 | 
100 | 2022-06-17
101 | 	* ONT-476: Release CASE 0.7.0, with release notes at https://caseontology.org/releases/0.7.0/
102 | 
103 | 2022-06-16
104 | 	* (3d13cc1): Adopt UCO 0.9.0
105 | 
106 | 2022-06-14
107 | 	* (6ff8e99) UCO Issue 373: Upgraded Java to 11 and rdf-toolkit to post-1.10.0; delegated rdf-toolkit retrieval to UCO implementation
108 | 
109 | 2022-06-10
110 | 	* (07810a2) ONT-465: Updated syntax surrounding ExaminerActionLifecycle
111 | 
112 | 2022-03-24
113 | 	* ONT-463: Release CASE 0.6.0, with release notes at https://caseontology.org/releases/0.6.0/
114 | 
115 | 2022-03-23
116 | 	* (a1b5d0b) ONT-471: Adopt UCO 0.8.0
117 | 	* (8f7c87a) ONT-438, CP-36: Corrected rootExhibitNumber definition issues and aligned with exhibitNumber
118 | 	* CP-36: https://drive.google.com/file/d/114XogkDDIqciWuJBJ3oRlMR5HoHCXwU7/view
119 | 
120 | 2022-03-08
121 | 	* (cc19756) UCO OC-62, CP-89: Removed ActionReferencesFacet
122 | 	* (bfc6d02) UCO OC-125, CP-56: Updated UCO ontology file paths
123 | 	* (bc99cf7) UCO OC-217, CP-107: Revised ontology IRI structure as in CASE CP-34
124 | 
125 | 2022-02-14
126 | 	* (ee4143d) ONT-468, CP-44: Made sh:targetClass shape application statements consistent between CASE and UCO
127 | 	* CP-44: https://drive.google.com/file/d/1GN9lbqTpWLiU-TGPj53wYQzTQ9AvYb4l/view
128 | 	
129 | 2021-10-26
130 | 	* ONT-437: Release CASE 0.5.0, with release notes at https://caseontology.org/releases/0.5.0/
131 | 
132 | 2021-09-17
133 | 	* (21b3a1c) ONT-456, CP-41: Converted current property restrictions and domain assertions to SHACL class shapes
134 | 	* CP-41: https://drive.google.com/file/d/1sKFTTiEe-LmQLEG1Bowf52QF1VPZDssL/view
135 | 	* (1652d7c) ONT-455, CP-40: Adopted UCO 0.7.0 as a Git submodule
136 | 	* CP-40: https://drive.google.com/file/d/1JqPx0ngdFKGxxOgGD1UgwuT9LgM4SKUV/view
137 | 	* (b82a101) ONT-462, CP-42: Removed investigation-namespaced startTime and endTime properties from investigation-da.ttl
138 | 	* CP-42: https://drive.google.com/file/d/1JDkSrI7bpVtr2aJ_8lLLa0BrLnBKpEOp/view
139 | 
140 | 2021-09-08
141 | 	* (f79ac53) ONT-442, CP-37: Fixed broken link to website examples gallery in README
142 | 	* CP-37: https://drive.google.com/file/d/16maCSg22Tfwro3OXajT6aYXfLhiihgL4/view
143 | 
144 | 2021-06-02
145 | 	* ONT-400: Release CASE 0.4.0, with release notes at https://caseontology.org/releases/0.4.0/
146 | 
147 | 2021-06-01
148 | 	* (b9f0f7b) ONT-435, CP-34: Revised CASE IRI structure to support granular resource service (applied for CASE 0.4.0)
149 | 	* CP-34: https://drive.google.com/file/d/1J2UeRVeG_CCloTwo9Do628zvWcIpO5GR/view
150 | 
151 | 2021-05-24
152 | 	* (d3531dd) ONT-403, CP-22: Added rootExhibitNumber property to ProvenanceRecord
153 | 	* CP-22: https://drive.google.com/file/d/1_nWd8IV8pBgXBACE_kFQd-eg3jTH8-Qp/view
154 | 
155 | 2021-05-19
156 | 	* (c1d5e2e) ONT-436, CP-35: Defined exhibitNumber in ProvenanceRecord
157 | 	* CP-35: https://drive.google.com/file/d/1LbLZnDXZlq-8n92iz55n0fQD46c-pa4w/view
158 | 
159 | 2021-04-28
160 | 	* (bf4c72b) ONT-390, CP-21: Add direct node-linking predicates for transitive provenance querying
161 | 	* CP-21: https://drive.google.com/file/d/1EJnOYgJfDoDZteFsNxxCbxgQqiqVDL_L/view
162 | 
163 | 2021-04-22
164 | 	* (ffcd5cb) ONT-418, CP-27: Revise merge review procedures and ChangeLog format to allow asynchronous change proposal posting
165 | 	* CP-27: https://drive.google.com/file/d/17AUfa4EWe9-Tbv5wT46fM0q5LIWMzuYT/view
166 | 
167 | 2021-03-18
168 | 	* ONT-362: Release CASE 0.3.0, with release notes at https://caseontology.org/releases/0.3.0/
169 | 
170 | 2021-03-18
171 | 	* (22b313d) ONT-413, CP-25: Defined and used prefixes for imported concepts (new feature)
172 | 	* CP-25: https://drive.google.com/file/d/1HUeY8AHxsnukP0sFOvsPQZRuyNbqcf6n/view
173 | 
174 | 2021-03-17
175 | 	* (f754fd4) ONT-379, CP-18: Updated and improve Investigation namespace class definition comments for clarity and consistency (new feature)
176 | 	* CP-18: https://drive.google.com/file/d/1AmVX6x2ZORr2-h2OIXug2PiptYaHcvuh/view
177 | 
178 | 2021-03-16
179 | 	* (a8209d7) ONT-363, CP-15: Removed intermediate role classes (breaking change)
180 | 	* CP-15: https://drive.google.com/file/d/1PLcPA3TSDqt7wX84SYlezC1thK_Sznrc/view
181 | 	* (b515a81) ONT-251, CP-16: Established unit tests and Continuous Integration for ontology repository (new feature)
182 | 	* CP-16: https://drive.google.com/file/d/1622v5k7fXo2fjDs_EzfhbTyvWIjDBZv-/view
183 | 
184 | 2020-08-19
185 | 	* ONT-293: Release CASE 0.2.0, with release notes at https://caseontology.org/releases/0.2.0/
186 | 
187 | 2020-08-13
188 | 	* (19b698a) ONT-314, CP-12: Removed documentation generated for CASE 0.1.0 (breaking change)
189 | 	* CP-12: https://drive.google.com/file/d/1LE2P12w66TjIFVah567gyKbYWYkZziP5/view
190 | 	* (1d9b468) ONT-140, CP-6: Linked Style Guidance as development practice (new feature)
191 | 	* CP-6: https://drive.google.com/file/d/1jlCFCuL4BDojJOsIzR8asJjf-lAp8uLd/view
192 | 	* (965f5e4) ONT-231, CP-10: Resolved naming inconsistency and associated equivalent class complexity (breaking change)
193 | 	* CP-10: https://drive.google.com/file/d/1lut9Km0rYp2Iaftz7m0f4u50R4YD60F6/view
194 | 
195 | 2020-08-12
196 | 	* (12a081a) ONT-318, CP-13: Updated ontology README to reflect website and Jira (bugfix)
197 | 	* CP-13: https://drive.google.com/file/d/1fJoDjMjfbaXw0BWKKZ_9mK-gZzoJpgFS/view
198 | 	* (cd8b27f) ONT-281, CP-9: Moved investigation.ttl and related vocabulary into CASE from UCO (new feature)
199 | 	* CP-9: https://drive.google.com/file/d/1TNL7NtkSy4Veo1eObJGCmMGvmmxqeCJB/view
200 | 	* (fe7f069) ONT-288, CP-11: ChangeLog format selected (new feature)
201 | 	* CP-11: https://drive.google.com/file/d/1zWjQ_uhhVxEjkqS2mrcabT4tNh8s0JQx/view
202 | 
203 | 2020-07-29
204 | 	* (07e6c12) ONT-144, CP-7: Moved examples directory to own repository, CASE-Examples (new feature, breaking change)
205 | 	* CP-7: https://drive.google.com/file/d/1DiLxBTQYt0FQSdjn3mX6RabhqK9QbiDo/view
206 | 
207 | 2020-06-16
208 | 	* (2fed9a5) ONT-5, CP-3: Established ontology normalization procedure (new feature)
209 | 	* CP-3: https://caseontology.org/resources/references/CASE%20Change%20Proposal%203.zip
210 | 
211 | 2020-04-01
212 | 	* (5c2a19b) ONT-201, CP-8: Renamed "propertyBundle" to "hasPropertyBundle", per CASE Style Guide
213 | 	* CP-8: https://caseontology.org/resources/references/CASE%20Change%20Proposal%208.zip
214 | 
215 | 2019-08-06
216 | 	* (ca5ca15) ONT-51, CP-4: Separated CASE ontology files by namespace (breaking change)
217 | 
218 | 2019-07-13
219 | 	* (93b40ac) ONT-51, CP-4: Removed prototype contents of case.ttl file (breaking change)
220 | 	* CP-4: https://drive.google.com/file/d/1CE9sfrc-czegRX15Q5xeqaffAfAH06ov/view
221 | 	* (93b40ac) ONT-53, CP-2: Changed namespace to caseontology.org (new feature, breaking change)
222 | 	* CP-2: https://drive.google.com/file/d/1_J3994JiPA5PMIHfno9x-NeXKaHFVCrJ/view
223 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
  1 |                                  Apache License
  2 |                            Version 2.0, January 2004
  3 |                         http://www.apache.org/licenses/
  4 | 
  5 |    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
  6 | 
  7 |    1. Definitions.
  8 | 
  9 |       "License" shall mean the terms and conditions for use, reproduction,
 10 |       and distribution as defined by Sections 1 through 9 of this document.
 11 | 
 12 |       "Licensor" shall mean the copyright owner or entity authorized by
 13 |       the copyright owner that is granting the License.
 14 | 
 15 |       "Legal Entity" shall mean the union of the acting entity and all
 16 |       other entities that control, are controlled by, or are under common
 17 |       control with that entity. For the purposes of this definition,
 18 |       "control" means (i) the power, direct or indirect, to cause the
 19 |       direction or management of such entity, whether by contract or
 20 |       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 21 |       outstanding shares, or (iii) beneficial ownership of such entity.
 22 | 
 23 |       "You" (or "Your") shall mean an individual or Legal Entity
 24 |       exercising permissions granted by this License.
 25 | 
 26 |       "Source" form shall mean the preferred form for making modifications,
 27 |       including but not limited to software source code, documentation
 28 |       source, and configuration files.
 29 | 
 30 |       "Object" form shall mean any form resulting from mechanical
 31 |       transformation or translation of a Source form, including but
 32 |       not limited to compiled object code, generated documentation,
 33 |       and conversions to other media types.
 34 | 
 35 |       "Work" shall mean the work of authorship, whether in Source or
 36 |       Object form, made available under the License, as indicated by a
 37 |       copyright notice that is included in or attached to the work
 38 |       (an example is provided in the Appendix below).
 39 | 
 40 |       "Derivative Works" shall mean any work, whether in Source or Object
 41 |       form, that is based on (or derived from) the Work and for which the
 42 |       editorial revisions, annotations, elaborations, or other modifications
 43 |       represent, as a whole, an original work of authorship. For the purposes
 44 |       of this License, Derivative Works shall not include works that remain
 45 |       separable from, or merely link (or bind by name) to the interfaces of,
 46 |       the Work and Derivative Works thereof.
 47 | 
 48 |       "Contribution" shall mean any work of authorship, including
 49 |       the original version of the Work and any modifications or additions
 50 |       to that Work or Derivative Works thereof, that is intentionally
 51 |       submitted to Licensor for inclusion in the Work by the copyright owner
 52 |       or by an individual or Legal Entity authorized to submit on behalf of
 53 |       the copyright owner. For the purposes of this definition, "submitted"
 54 |       means any form of electronic, verbal, or written communication sent
 55 |       to the Licensor or its representatives, including but not limited to
 56 |       communication on electronic mailing lists, source code control systems,
 57 |       and issue tracking systems that are managed by, or on behalf of, the
 58 |       Licensor for the purpose of discussing and improving the Work, but
 59 |       excluding communication that is conspicuously marked or otherwise
 60 |       designated in writing by the copyright owner as "Not a Contribution."
 61 | 
 62 |       "Contributor" shall mean Licensor and any individual or Legal Entity
 63 |       on behalf of whom a Contribution has been received by Licensor and
 64 |       subsequently incorporated within the Work.
 65 | 
 66 |    2. Grant of Copyright License. Subject to the terms and conditions of
 67 |       this License, each Contributor hereby grants to You a perpetual,
 68 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 69 |       copyright license to reproduce, prepare Derivative Works of,
 70 |       publicly display, publicly perform, sublicense, and distribute the
 71 |       Work and such Derivative Works in Source or Object form.
 72 | 
 73 |    3. Grant of Patent License. Subject to the terms and conditions of
 74 |       this License, each Contributor hereby grants to You a perpetual,
 75 |       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 76 |       (except as stated in this section) patent license to make, have made,
 77 |       use, offer to sell, sell, import, and otherwise transfer the Work,
 78 |       where such license applies only to those patent claims licensable
 79 |       by such Contributor that are necessarily infringed by their
 80 |       Contribution(s) alone or by combination of their Contribution(s)
 81 |       with the Work to which such Contribution(s) was submitted. If You
 82 |       institute patent litigation against any entity (including a
 83 |       cross-claim or counterclaim in a lawsuit) alleging that the Work
 84 |       or a Contribution incorporated within the Work constitutes direct
 85 |       or contributory patent infringement, then any patent licenses
 86 |       granted to You under this License for that Work shall terminate
 87 |       as of the date such litigation is filed.
 88 | 
 89 |    4. Redistribution. You may reproduce and distribute copies of the
 90 |       Work or Derivative Works thereof in any medium, with or without
 91 |       modifications, and in Source or Object form, provided that You
 92 |       meet the following conditions:
 93 | 
 94 |       (a) You must give any other recipients of the Work or
 95 |           Derivative Works a copy of this License; and
 96 | 
 97 |       (b) You must cause any modified files to carry prominent notices
 98 |           stating that You changed the files; and
 99 | 
100 |       (c) You must retain, in the Source form of any Derivative Works
101 |           that You distribute, all copyright, patent, trademark, and
102 |           attribution notices from the Source form of the Work,
103 |           excluding those notices that do not pertain to any part of
104 |           the Derivative Works; and
105 | 
106 |       (d) If the Work includes a "NOTICE" text file as part of its
107 |           distribution, then any Derivative Works that You distribute must
108 |           include a readable copy of the attribution notices contained
109 |           within such NOTICE file, excluding those notices that do not
110 |           pertain to any part of the Derivative Works, in at least one
111 |           of the following places: within a NOTICE text file distributed
112 |           as part of the Derivative Works; within the Source form or
113 |           documentation, if provided along with the Derivative Works; or,
114 |           within a display generated by the Derivative Works, if and
115 |           wherever such third-party notices normally appear. The contents
116 |           of the NOTICE file are for informational purposes only and
117 |           do not modify the License. You may add Your own attribution
118 |           notices within Derivative Works that You distribute, alongside
119 |           or as an addendum to the NOTICE text from the Work, provided
120 |           that such additional attribution notices cannot be construed
121 |           as modifying the License.
122 | 
123 |       You may add Your own copyright statement to Your modifications and
124 |       may provide additional or different license terms and conditions
125 |       for use, reproduction, or distribution of Your modifications, or
126 |       for any such Derivative Works as a whole, provided Your use,
127 |       reproduction, and distribution of the Work otherwise complies with
128 |       the conditions stated in this License.
129 | 
130 |    5. Submission of Contributions. Unless You explicitly state otherwise,
131 |       any Contribution intentionally submitted for inclusion in the Work
132 |       by You to the Licensor shall be under the terms and conditions of
133 |       this License, without any additional terms or conditions.
134 |       Notwithstanding the above, nothing herein shall supersede or modify
135 |       the terms of any separate license agreement you may have executed
136 |       with Licensor regarding such Contributions.
137 | 
138 |    6. Trademarks. This License does not grant permission to use the trade
139 |       names, trademarks, service marks, or product names of the Licensor,
140 |       except as required for reasonable and customary use in describing the
141 |       origin of the Work and reproducing the content of the NOTICE file.
142 | 
143 |    7. Disclaimer of Warranty. Unless required by applicable law or
144 |       agreed to in writing, Licensor provides the Work (and each
145 |       Contributor provides its Contributions) on an "AS IS" BASIS,
146 |       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 |       implied, including, without limitation, any warranties or conditions
148 |       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 |       PARTICULAR PURPOSE. You are solely responsible for determining the
150 |       appropriateness of using or redistributing the Work and assume any
151 |       risks associated with Your exercise of permissions under this License.
152 | 
153 |    8. Limitation of Liability. In no event and under no legal theory,
154 |       whether in tort (including negligence), contract, or otherwise,
155 |       unless required by applicable law (such as deliberate and grossly
156 |       negligent acts) or agreed to in writing, shall any Contributor be
157 |       liable to You for damages, including any direct, indirect, special,
158 |       incidental, or consequential damages of any character arising as a
159 |       result of this License or out of the use or inability to use the
160 |       Work (including but not limited to damages for loss of goodwill,
161 |       work stoppage, computer failure or malfunction, or any and all
162 |       other commercial damages or losses), even if such Contributor
163 |       has been advised of the possibility of such damages.
164 | 
165 |    9. Accepting Warranty or Additional Liability. While redistributing
166 |       the Work or Derivative Works thereof, You may choose to offer,
167 |       and charge a fee for, acceptance of support, warranty, indemnity,
168 |       or other liability obligations and/or rights consistent with this
169 |       License. However, in accepting such obligations, You may act only
170 |       on Your own behalf and on Your sole responsibility, not on behalf
171 |       of any other Contributor, and only if You agree to indemnify,
172 |       defend, and hold each Contributor harmless for any liability
173 |       incurred by, or claims asserted against, such Contributor by reason
174 |       of your accepting any such warranty or additional liability.
175 | 
176 |    END OF TERMS AND CONDITIONS
177 | 
178 |    APPENDIX: How to apply the Apache License to your work.
179 | 
180 |       To apply the Apache License to your work, attach the following
181 |       boilerplate notice, with the fields enclosed by brackets "[]"
182 |       replaced with your own identifying information. (Don't include
183 |       the brackets!)  The text should be enclosed in the appropriate
184 |       comment syntax for the file format. We also recommend that a
185 |       file or class name and description of purpose be included on the
186 |       same "printed page" as the copyright notice for easier
187 |       identification within third-party archives.
188 | 
189 |    Copyright [yyyy] [name of copyright owner]
190 | 
191 |    Licensed under the Apache License, Version 2.0 (the "License");
192 |    you may not use this file except in compliance with the License.
193 |    You may obtain a copy of the License at
194 | 
195 |        http://www.apache.org/licenses/LICENSE-2.0
196 | 
197 |    Unless required by applicable law or agreed to in writing, software
198 |    distributed under the License is distributed on an "AS IS" BASIS,
199 |    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 |    See the License for the specific language governing permissions and
201 |    limitations under the License.
202 | 


--------------------------------------------------------------------------------
/ontology/investigation/investigation.ttl:
--------------------------------------------------------------------------------
  1 | # imports: https://ontology.caseontology.org/case/vocabulary/1.4.0
  2 | # imports: https://ontology.unifiedcyberontology.org/uco/action/1.4.0
  3 | # imports: https://ontology.unifiedcyberontology.org/uco/role/1.4.0
  4 | 
  5 | @prefix investigation: <https://ontology.caseontology.org/case/investigation/> .
  6 | @prefix owl: <http://www.w3.org/2002/07/owl#> .
  7 | @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
  8 | @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
  9 | @prefix sh: <http://www.w3.org/ns/shacl#> .
 10 | @prefix uco-action: <https://ontology.unifiedcyberontology.org/uco/action/> .
 11 | @prefix uco-core: <https://ontology.unifiedcyberontology.org/uco/core/> .
 12 | @prefix uco-role: <https://ontology.unifiedcyberontology.org/uco/role/> .
 13 | @prefix vocabulary: <https://ontology.caseontology.org/case/vocabulary/> .
 14 | @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
 15 | 
 16 | <https://ontology.caseontology.org/case/investigation>
 17 | 	a owl:Ontology ;
 18 | 	rdfs:label "investigation"@en ;
 19 | 	rdfs:comment "This ontology defines key concepts, and their associated properties and relationships, for characterizing cyber-investigations in the broadest range of contexts, including security incidents, criminal investigations, civil and regulatory matters, intelligence operations, international disputes, accident inquiries, policy violations, and others." ;
 20 | 	owl:backwardCompatibleWith investigation:1.3.0 ;
 21 | 	owl:imports
 22 | 		vocabulary:1.4.0 ,
 23 | 		uco-action:1.4.0 ,
 24 | 		uco-role:1.4.0
 25 | 		;
 26 | 	owl:priorVersion investigation:1.3.0 ;
 27 | 	owl:versionIRI investigation:1.4.0 ;
 28 | 	.
 29 | 
 30 | investigation:Attorney
 31 | 	a
 32 | 		owl:Class ,
 33 | 		sh:NodeShape
 34 | 		;
 35 | 	rdfs:subClassOf uco-role:Role ;
 36 | 	rdfs:label "Attorney"@en ;
 37 | 	rdfs:comment "Attorney is a role involved in preparing, interpreting, and applying law."@en ;
 38 | 	sh:targetClass investigation:Attorney ;
 39 | 	.
 40 | 
 41 | investigation:Authorization
 42 | 	a
 43 | 		owl:Class ,
 44 | 		sh:NodeShape
 45 | 		;
 46 | 	rdfs:subClassOf uco-core:UcoObject ;
 47 | 	rdfs:label "Authorization"@en ;
 48 | 	rdfs:comment "An authorization is a grouping of characteristics unique to some form of authoritative permission identified for investigative action."@en ;
 49 | 	sh:property
 50 | 		[
 51 | 			sh:datatype xsd:dateTime ;
 52 | 			sh:maxCount "1"^^xsd:integer ;
 53 | 			sh:nodeKind sh:Literal ;
 54 | 			sh:path uco-core:endTime ;
 55 | 		] ,
 56 | 		[
 57 | 			sh:datatype xsd:dateTime ;
 58 | 			sh:maxCount "1"^^xsd:integer ;
 59 | 			sh:nodeKind sh:Literal ;
 60 | 			sh:path uco-core:startTime ;
 61 | 		] ,
 62 | 		[
 63 | 			sh:datatype xsd:string ;
 64 | 			sh:maxCount "1"^^xsd:integer ;
 65 | 			sh:nodeKind sh:Literal ;
 66 | 			sh:path investigation:authorizationType ;
 67 | 		] ,
 68 | 		[
 69 | 			sh:datatype xsd:string ;
 70 | 			sh:nodeKind sh:Literal ;
 71 | 			sh:path investigation:authorizationIdentifier ;
 72 | 		]
 73 | 		;
 74 | 	sh:targetClass investigation:Authorization ;
 75 | 	.
 76 | 
 77 | investigation:Examiner
 78 | 	a
 79 | 		owl:Class ,
 80 | 		sh:NodeShape
 81 | 		;
 82 | 	rdfs:subClassOf uco-role:Role ;
 83 | 	rdfs:label "Examiner"@en ;
 84 | 	rdfs:comment "Examiner is a role involved in providing scientific evaluations of evidence that are used to aid law enforcement investigations and court cases."@en ;
 85 | 	sh:targetClass investigation:Examiner ;
 86 | 	.
 87 | 
 88 | investigation:ExaminerActionLifecycle
 89 | 	a
 90 | 		owl:Class ,
 91 | 		sh:NodeShape
 92 | 		;
 93 | 	rdfs:subClassOf uco-action:ActionLifecycle ;
 94 | 	rdfs:label "ExaminerActionLifecycle"@en ;
 95 | 	rdfs:comment "An examiner action lifecycle is an action pattern consisting of an ordered set of actions or subordinate action-lifecycles performed by an entity acting in a role involved in providing scientific evaluations of evidence that is used to aid law enforcement investigations and court cases."@en ;
 96 | 	sh:targetClass investigation:ExaminerActionLifecylce ;
 97 | 	.
 98 | 
 99 | investigation:Investigation
100 | 	a
101 | 		owl:Class ,
102 | 		sh:NodeShape
103 | 		;
104 | 	rdfs:subClassOf uco-core:ContextualCompilation ;
105 | 	rdfs:label "Investigation"@en ;
106 | 	rdfs:comment "An investigation is a grouping of characteristics unique to an exploration of the facts involved in a cyber-relevant set of suspicious activity."@en ;
107 | 	sh:property
108 | 		investigation:Investigation-investigationForm-in-shape ,
109 | 		[
110 | 			sh:class investigation:Authorization ;
111 | 			sh:nodeKind sh:BlankNodeOrIRI ;
112 | 			sh:path investigation:relevantAuthorization ;
113 | 		] ,
114 | 		[
115 | 			sh:datatype xsd:dateTime ;
116 | 			sh:maxCount "1"^^xsd:integer ;
117 | 			sh:nodeKind sh:Literal ;
118 | 			sh:path uco-core:endTime ;
119 | 		] ,
120 | 		[
121 | 			sh:datatype xsd:dateTime ;
122 | 			sh:maxCount "1"^^xsd:integer ;
123 | 			sh:nodeKind sh:Literal ;
124 | 			sh:path uco-core:startTime ;
125 | 		] ,
126 | 		[
127 | 			sh:datatype xsd:string ;
128 | 			sh:maxCount "1"^^xsd:integer ;
129 | 			sh:nodeKind sh:Literal ;
130 | 			sh:path investigation:investigationStatus ;
131 | 		] ,
132 | 		[
133 | 			sh:datatype xsd:string ;
134 | 			sh:message "As of CASE 1.4.0, the datatype to use for investigation:investigationForm should be xsd:string.  Not using xsd:string will be an error in CASE 2.0.0." ;
135 | 			sh:path investigation:investigationForm ;
136 | 			sh:severity sh:Warning ;
137 | 		] ,
138 | 		[
139 | 			sh:datatype xsd:string ;
140 | 			sh:nodeKind sh:Literal ;
141 | 			sh:path investigation:focus ;
142 | 		] ,
143 | 		[
144 | 			sh:maxCount "1"^^xsd:integer ;
145 | 			sh:nodeKind sh:Literal ;
146 | 			sh:path investigation:investigationForm ;
147 | 		]
148 | 		;
149 | 	sh:targetClass investigation:Investigation ;
150 | 	.
151 | 
152 | investigation:Investigation-investigationForm-in-shape
153 | 	a sh:PropertyShape ;
154 | 	sh:in (
155 | 		"case"
156 | 		"incident"
157 | 		"suspicious-activity"
158 | 	) ;
159 | 	sh:message "Value is not member of the vocabulary InvestigationFormVocab." ;
160 | 	sh:path investigation:investigationForm ;
161 | 	sh:severity sh:Info ;
162 | 	.
163 | 
164 | investigation:InvestigativeAction
165 | 	a
166 | 		owl:Class ,
167 | 		sh:NodeShape
168 | 		;
169 | 	rdfs:subClassOf uco-action:Action ;
170 | 	rdfs:label "InvestigativeAction"@en ;
171 | 	rdfs:comment "An investigative action is something that may be done or performed within the context of an investigation, typically to examine or analyze evidence or other data."@en ;
172 | 	sh:property [
173 | 		sh:class investigation:InvestigativeAction ;
174 | 		sh:nodeKind sh:BlankNodeOrIRI ;
175 | 		sh:path investigation:wasInformedBy ;
176 | 	] ;
177 | 	sh:targetClass investigation:InvestigativeAction ;
178 | 	.
179 | 
180 | investigation:Investigator
181 | 	a
182 | 		owl:Class ,
183 | 		sh:NodeShape
184 | 		;
185 | 	rdfs:subClassOf uco-role:Role ;
186 | 	rdfs:label "Investigator"@en ;
187 | 	rdfs:comment "Investigator is a role involved in coordinating an investigation."@en ;
188 | 	sh:targetClass investigation:Investigator ;
189 | 	.
190 | 
191 | investigation:ProvenanceRecord
192 | 	a
193 | 		owl:Class ,
194 | 		sh:NodeShape
195 | 		;
196 | 	rdfs:subClassOf uco-core:ContextualCompilation ;
197 | 	rdfs:label "ProvenanceRecord"@en ;
198 | 	rdfs:comment "A provenance record is a grouping of characteristics unique to the provenantial (chronology of the ownership, custody or location) connection between an investigative action and a set of observations (items and/or actions) or interpretations that result from it."@en ;
199 | 	sh:property
200 | 		[
201 | 			sh:datatype xsd:string ;
202 | 			sh:maxCount "1"^^xsd:integer ;
203 | 			sh:nodeKind sh:Literal ;
204 | 			sh:path investigation:exhibitNumber ;
205 | 		] ,
206 | 		[
207 | 			sh:datatype xsd:string ;
208 | 			sh:minCount "0"^^xsd:integer ;
209 | 			sh:nodeKind sh:Literal ;
210 | 			sh:path investigation:rootExhibitNumber ;
211 | 		]
212 | 		;
213 | 	sh:targetClass investigation:ProvenanceRecord ;
214 | 	.
215 | 
216 | investigation:Subject
217 | 	a
218 | 		owl:Class ,
219 | 		sh:NodeShape
220 | 		;
221 | 	rdfs:subClassOf uco-role:Role ;
222 | 	rdfs:label "Subject"@en ;
223 | 	rdfs:comment "Subject is a role whose conduct is within the scope of an investigation."@en ;
224 | 	sh:targetClass investigation:Subject ;
225 | 	.
226 | 
227 | investigation:SubjectActionLifecycle
228 | 	a
229 | 		owl:Class ,
230 | 		sh:NodeShape
231 | 		;
232 | 	rdfs:subClassOf uco-action:ActionLifecycle ;
233 | 	rdfs:label "SubjectActionLifecycle"@en ;
234 | 	rdfs:comment "A subject action lifecycle is an action pattern consisting of an ordered set of multiple actions or subordinate action-lifecycles performed by an entity acting in a role whose conduct may be within the scope of an investigation."@en ;
235 | 	sh:targetClass investigation:SubjectActionLifecycle ;
236 | 	.
237 | 
238 | investigation:VictimActionLifecycle
239 | 	a
240 | 		owl:Class ,
241 | 		sh:NodeShape
242 | 		;
243 | 	rdfs:subClassOf uco-action:ActionLifecycle ;
244 | 	rdfs:label "VictimActionLifecycle"@en ;
245 | 	rdfs:comment "A victim action lifecycle is an action pattern consisting of an ordered set of multiple actions or subordinate action-lifecycles performed by an entity acting in a role characterized by its potential to be harmed as a result of a crime, accident, or other event or action."@en ;
246 | 	sh:targetClass investigation:VictimActionLifecycle ;
247 | 	.
248 | 
249 | investigation:authorizationIdentifier
250 | 	a owl:DatatypeProperty ;
251 | 	rdfs:label "authorizationIdentifier"@en ;
252 | 	rdfs:comment "The identifier for a particular authorization (e.g. warrant number)"@en ;
253 | 	rdfs:range xsd:string ;
254 | 	.
255 | 
256 | investigation:authorizationType
257 | 	a owl:DatatypeProperty ;
258 | 	rdfs:subPropertyOf uco-core:informalType ;
259 | 	rdfs:label "authorizationType"@en ;
260 | 	rdfs:comment "A label categorizing a type of authorization (e.g. warrant)"@en ;
261 | 	rdfs:range xsd:string ;
262 | 	.
263 | 
264 | investigation:exhibitNumber
265 | 	a owl:DatatypeProperty ;
266 | 	rdfs:label "exhibitNumber"@en ;
267 | 	rdfs:comment "The exhibit number specifies an identifier assigned to a set of objects, unique within the scope of an investigation."@en ;
268 | 	rdfs:range xsd:string ;
269 | 	.
270 | 
271 | investigation:focus
272 | 	a owl:DatatypeProperty ;
273 | 	rdfs:label "focus"@en ;
274 | 	rdfs:comment "Specifies the topical focus of an investigation."@en ;
275 | 	rdfs:range xsd:string ;
276 | 	.
277 | 
278 | investigation:investigationForm
279 | 	a owl:DatatypeProperty ;
280 | 	rdfs:subPropertyOf uco-core:informalType ;
281 | 	rdfs:label "investigationForm"@en ;
282 | 	rdfs:comment "A label categorizing a type of investigation (case, incident, suspicious-activity, etc.)"@en ;
283 | 	rdfs:range [
284 | 		a rdfs:Datatype ;
285 | 		owl:unionOf (
286 | 			vocabulary:InvestigationFormVocab
287 | 			xsd:string
288 | 		) ;
289 | 	] ;
290 | 	.
291 | 
292 | investigation:investigationStatus
293 | 	a owl:DatatypeProperty ;
294 | 	rdfs:label "investigationStatus"@en ;
295 | 	rdfs:comment "A label characterizing the status of an investigation (open, closed, etc.)."@en ;
296 | 	rdfs:range xsd:string ;
297 | 	.
298 | 
299 | investigation:relevantAuthorization
300 | 	a owl:ObjectProperty ;
301 | 	rdfs:label "relevantAuthorization"@en ;
302 | 	rdfs:comment "Specifies an authorization relevant to a particular investigation."@en ;
303 | 	rdfs:range investigation:Authorization ;
304 | 	.
305 | 
306 | investigation:rootExhibitNumber
307 | 	a owl:DatatypeProperty ;
308 | 	rdfs:label "rootExhibitNumber"@en ;
309 | 	rdfs:comment "The root exhibit number specifies a unique identifier assigned to a set of objects at the start of their treatment as part of an investigation. When found on a provenance record that comes after initial investigative treatment, the root exhibit number is a reference to the initial provenance record."@en ;
310 | 	rdfs:range xsd:string ;
311 | 	.
312 | 
313 | investigation:wasDerivedFrom
314 | 	a owl:ObjectProperty ;
315 | 	rdfs:label "wasDerivedFrom"@en ;
316 | 	rdfs:comment "A re-implementation of the wasDerivedFrom property in W3C PROV-O.  The definition of this property is 'A derivation is a transformation of an entity into another, an update of an entity resulting in a new one, or the construction of a new entity based on a pre-existing entity.' [Ref: https://www.w3.org/TR/prov-o/#wasDerivedFrom]"@en ;
317 | 	rdfs:domain uco-core:UcoObject ;
318 | 	rdfs:range uco-core:UcoObject ;
319 | 	.
320 | 
321 | investigation:wasInformedBy
322 | 	a owl:ObjectProperty ;
323 | 	rdfs:label "wasInformedBy"@en ;
324 | 	rdfs:comment "A re-implementation of the wasInformedBy property in W3C PROV-O, where an entity is exchanged by two activities, 'one activity using the entity generated by the other'. [Ref: https://www.w3.org/TR/prov-o/#wasInformedBy]"@en ;
325 | 	rdfs:domain investigation:InvestigativeAction ;
326 | 	rdfs:range investigation:InvestigativeAction ;
327 | 	.
328 | 
329 | 


--------------------------------------------------------------------------------