-
Notifications
You must be signed in to change notification settings - Fork 5
Maturity: File Object
Ivan Kirillov edited this page Oct 9, 2015
·
2 revisions
The biggest semantic problem with the current implementation of the File Object is that it captures the properties of an abstract file (e.g., a collection of bytes) as well as its file-system specific properties when it is stored on a disk. This is discussed in more detail here.
Besides additional file-system specific properties, there are likely other properties that could be added relating to the low-level storage of a file on disk, primarily for the digital forensics use case.
Due to the ubiquity of files in the various cyber-related use cases, including in indicator sharing and malware analysis, the File Object is one of the most commonly used CybOX Objects.