https://cacontology.projectvic.org/forensics#NetworkTrafficAnalysis
Analysis of network traffic patterns to identify suspicious communications and data transfers.
Instances of cacontology-forensics:NetworkTrafficAnalysis can have the following properties:
| PROPERTY | TYPE | DESCRIPTION | RANGE |
|---|---|---|---|
| From class cacontology-forensics:NetworkTrafficAnalysis | |||
| cacontology-forensics:dataTransferVolume | owl:DatatypeProperty | Volume of data transfers analyzed in terabytes. | xsd:decimal |
| cacontology-forensics:networkSessionsAnalyzed | owl:DatatypeProperty | Number of network sessions included in traffic analysis. | xsd:nonNegativeInteger |
| cacontology-forensics:suspiciousConnectionsIdentified | owl:DatatypeProperty | Number of suspicious network connections identified. | xsd:nonNegativeInteger |
| cacontology-forensics:identifiesNetworkAnomalies | owl:ObjectProperty | Links network analysis to anomalies identified. | uco-observable:ObservableObject |
| From class cacontology-forensics:UserBehaviorForensics | |||
| cacontology-forensics:behaviorPatternsIdentified | owl:DatatypeProperty | Number of distinct behavior patterns identified in user analysis. | xsd:nonNegativeInteger |
| cacontology-forensics:riskLevelsAssigned | owl:DatatypeProperty | Number of users assigned risk levels through behavioral analysis. | xsd:nonNegativeInteger |
| cacontology-forensics:userAccountsAnalyzed | owl:DatatypeProperty | Number of user accounts analyzed in mass processing (nearly 2 million for Kidflix operation). | xsd:nonNegativeInteger |
| cacontology-forensics:analyzesCommunicationPatterns | owl:ObjectProperty | Links user behavior analysis to communication pattern analysis. | cacontology-forensics:CommunicationPatternAnalysis |
| cacontology-forensics:analyzesNetworkTraffic | owl:ObjectProperty | Links user behavior analysis to network traffic analysis. | cacontology-forensics:NetworkTrafficAnalysis |
| cacontology-forensics:createsBehavioralFingerprints | owl:ObjectProperty | Links user behavior analysis to fingerprinting performed. | cacontology-forensics:BehavioralFingerprinting |
| cacontology-forensics:identifiesPatterns | owl:ObjectProperty | Links user behavior analysis to patterns identified. | uco-observable:ObservableObject |
| From class cacontology-forensics:MassDigitalEvidenceProcessing | |||
| cacontology-forensics:evidenceVolumeTerabytes | owl:DatatypeProperty | Total volume of evidence in terabytes requiring processing. | xsd:decimal |
| cacontology-forensics:filesProcessedMillions | owl:DatatypeProperty | Number of files processed in millions for large-scale operations. | xsd:decimal |
| cacontology-forensics:processingTimeframeDays | owl:DatatypeProperty | Timeframe required for processing massive evidence volumes in days. | xsd:nonNegativeInteger |
| cacontology-forensics:analysesUserBehavior | owl:ObjectProperty | Links processing to user behavior forensic analysis. | cacontology-forensics:UserBehaviorForensics |
| cacontology-forensics:coordinatesInternationalProcessing | owl:ObjectProperty | Links mass processing to international evidence processing coordination. | cacontology-forensics:InternationalEvidenceProcessing |
| cacontology-forensics:distributesProcessing | owl:ObjectProperty | Links mass processing to distributed processing systems. | cacontology-forensics:DistributedForensicProcessing |
| cacontology-forensics:integratesIntelligenceDatabases | owl:ObjectProperty | Links mass processing to database intelligence integration. | cacontology-forensics:DatabaseIntelligenceIntegration |
| cacontology-forensics:performsGeospatialAnalysis | owl:ObjectProperty | Links evidence processing to geospatial correlation analysis. | cacontology-forensics:GeospatialCorrelation |
| cacontology-forensics:processesEvidence | owl:ObjectProperty | Links mass processing system to evidence being processed. | uco-observable:ObservableObject |
| cacontology-forensics:producesIntelligence | owl:ObjectProperty | Links forensic analysis to intelligence products generated. | uco-observable:ObservableObject |
| cacontology-forensics:utilisesSystem | owl:ObjectProperty | Links processing action to automated systems used. | cacontology-forensics:AutomatedContentAnalysis |
| From class uco-action:Action | |||
| cacontology1:occursDuringPhase | owl:ObjectProperty | Links an action to the investigation phase during which it occurs. | gufo:Phase |
| cacontology-international:executesQuery | owl:ObjectProperty | Links intelligence analysis to federated database queries executed. | cacontology-international:FederatedDatabaseQuery |
| cacontology-partnerships:generatesRequests | owl:ObjectProperty | Links investigation to identification requests generated. | cacontology-partnerships:ObjectIdentificationRequest |
| cacontology-registry:coordinatedWithCompliance | owl:ObjectProperty | Links investigation to compliance-based arrest coordination. | cacontology-registry:ComplianceBasedArrest |
| From class owl:Thing | |||
| cacontology-asset-forfeiture:courtJurisdiction | owl:DatatypeProperty | Court jurisdiction for forfeiture proceedings (e.g., 'NSW', 'VIC', 'SA'). Enhanced with gUFO Situation context. | xsd:string |
| cacontology-asset-forfeiture:estimatedValue | owl:DatatypeProperty | Estimated total value of restrained assets (e.g., $30,000). Enhanced with gUFO Object aggregation. | xsd:decimal |
| cacontology-asset-forfeiture:playsRole | owl:ObjectProperty | Links an entity to a role it plays in forfeiture operations. | gufo:Role |
| cacontology-athletic:participatesInSituation | owl:ObjectProperty | Links entities to team dynamics situations they participate in. | cacontology-athletic:TeamDynamicsExploitation |
| cacontology-case:participatesInManagement | owl:ObjectProperty | Links entities to case management situations they participate in. | cacontology-case:CaseManagement |
| cacontology-detection:ageEstimate | owl:DatatypeProperty | Estimated age or age range of depicted individuals. | xsd:string |
| cacontology-detection:copineClassification | owl:ObjectProperty | Links content to its COPINE classification level. | cacontology-detection:COPINEClassificationScheme |
| cacontology-detection:sarClassification | owl:ObjectProperty | Links content to its SAR (1-5) classification level. | cacontology-detection:SARClassificationScheme |
| cacontology-detection:similarityScore | owl:DatatypeProperty | The similarity score for perceptual hash matches (0.0-1.0). | xsd:decimal |
| cacontology-detection:tannerStage | owl:DatatypeProperty | Tanner stage assessment for physical development (1-5). | xsd:integer |
| cacontology-forensics:arrestsResulting | owl:DatatypeProperty | Number of arrests resulting from forensic investigations (e.g., 654 for SA JACET). | xsd:nonNegativeInteger |
| cacontology-forensics:caseExhibitNumber | owl:DatatypeProperty | The official exhibit number assigned to evidence for legal proceedings. | xsd:string |
| cacontology-forensics:evidenceLocation | owl:DatatypeProperty | The physical or logical location where evidence was found (e.g., 'bedroom computer', 'cloud storage', 'mobile device'). | xsd:string |
| cacontology-forensics:forensicReport | owl:ObjectProperty | Links a forensic action to its associated report or documentation. | uco-observable:ObservableObject |
| cacontology-forensics:referralsReceived | owl:DatatypeProperty | Number of referrals received from national and international law enforcement (e.g., 677 for SA JACET). | xsd:nonNegativeInteger |
| cacontology-forensics:verificationHash | owl:ObjectProperty | Links a forensic artifact to its verification hash digest for integrity checking. | uco-types:Hash |
| cacontology-platforms:encryptionLevel | owl:DatatypeProperty | The level of encryption used by the service (e.g., 'none', 'in-transit', 'end-to-end'). | xsd:string |
| cacontology-platforms:hasContentModerationCapability | owl:ObjectProperty | Links a platform to its content moderation capabilities. | cacontology-platforms:ContentModerationCapability |
| cacontology-platforms:hasDataRetentionPolicy | owl:ObjectProperty | Links a platform to its data retention policy. | cacontology-platforms:DataRetentionPolicy |
| cacontology-platforms:hasLegalComplianceCapability | owl:ObjectProperty | Links a platform to its legal compliance capabilities. | cacontology-platforms:LegalComplianceCapability |
| cacontology-platforms:hasUserVerificationSystem | owl:ObjectProperty | Links a platform to its user verification system. | cacontology-platforms:UserVerificationSystem |
| cacontology-platforms:operatedBy | owl:ObjectProperty | Links a platform or service to the organization that operates it. | cacontology-platforms:ElectronicServiceProvider |
| cacontology-platforms:platformType | owl:DatatypeProperty | The type or category of the platform (e.g., 'social media', 'messaging', 'file hosting'). | xsd:string |
| cacontology-platforms:primaryUserBase | owl:DatatypeProperty | The primary demographic of platform users (e.g., 'adults', 'teens', 'children', 'all ages'). | xsd:string |
| cacontology-platforms:requiresRegistration | owl:DatatypeProperty | Whether the platform requires user registration to access services. | xsd:boolean |
| cacontology-platforms:subsidiaryOf | owl:ObjectProperty | Links a platform or organization to its parent company. | uco-identity:Organization |
| cacontology1:nextStep | owl:ObjectProperty | Denotes the chronologically next action in the lifecycle. | owl:Thing |
| cacontology1:previousStep | owl:ObjectProperty | Denotes the chronologically previous action in the lifecycle. | owl:Thing |
| hotline:playsRole | owl:ObjectProperty | Links an entity to a role it plays in hotline operations. | gufo:Role |
By the associated SHACL property shapes, instances of cacontology-forensics:NetworkTrafficAnalysis can have the following properties:
PROPERTY |
PROPERTY TYPE |
DESCRIPTION |
MIN COUNT |
MAX COUNT |
LOCAL RANGE |
GLOBAL RANGE |
|
|---|---|---|---|---|---|---|---|
| cacontology-forensics:MassDigitalEvidenceProcessing | |||||||
| cacontology-forensics:evidenceVolumeTerabytes |
|
1 | 1 |
xsd:decimal
|
owl:Thing | ||
| cacontology-forensics:filesProcessedMillions |
|
0 | 1 |
xsd:decimal
|
owl:Thing | ||
| cacontology-forensics:processingTimeframeDays |
|
1 | 1 |
xsd:nonNegativeInteger
|
owl:Thing | ||
|
|
1 | 1 |
xsd:dateTime
|
owl:Thing | |||
@prefix cacontology-forensics: <https://cacontology.projectvic.org/forensics#> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
cacontology-forensics:NetworkTrafficAnalysis a owl:Class ;
rdfs:label "Network Traffic Analysis"@en ;
rdfs:comment "Analysis of network traffic patterns to identify suspicious communications and data transfers."@en ;
rdfs:subClassOf cacontology-forensics:UserBehaviorForensics .