Given the recent discussions on CybOX Object selection, I thought it would be useful to start a new thread on the 3.x point release roadmap.
Based on the current green-field approach, as well as an understanding of what we’re missing, here’s a straw man to get us started:
- CybOX 3.1: Networking (+ the possibility of new Objects/Extensions)
  - Network Packet
  - Network Flow
  - Additional Layer 7 Objects (?)
- CybOX 3.2: Unix/Windows Host Artifacts (+ the possibility of new Objects/Extensions)
  - Linux Package (file extension)
  - Unix Process (process extension)
  - Windows Task
  - Windows Prefetch
- CybOX 3.3: Mobile Devices/Artifacts (+ the possibility of new Objects/Extensions)
  - Android (system extension)
  - Android APK (file extension)
  - Apple iOS (system extension)
  - Mobile device (device extension)
  - Mobile phone device (device extension)
- CybOX 3.4: Digital Forensics Artifacts (+ the possibility of new Objects/Extensions)
  - EXIF (file extension)
  - Disk
  - Disk Partition
  - Disk Sector
- CybOX 3.5: Accounts (+ the possibility of new Objects/Extensions)
  - User Account
  - Computer Account
  - OS-specific Accounts
- CybOX 3.6: SCADA (+ the possibility of new Objects/Extensions)
Regards,
Ivan