Setup instructions

Andrew Marrington

Environment Overview

CAT Detect requires Java 6 and access to a MySQL Server (version 5.5 and above). You can download the community version of MySQL here:
http://dev.mysql.com/downloads/

Database Setup

Table Format

Your MySQL Server should have a database (we suggest using the case name as the database name) with the following tables:
- RecordedEvents
- InferredEvents

The tables can be created as follows:

CREATE TABLE RecordedEvents (
    EventID INT not null,
    Time DATETIME not null, 
    Subject VARCHAR(255) not null,
    Object VARCHAR(255) not null,
    Action VARCHAR(255) not null,
    Result VARCHAR(255)
);

CREATE TABLE InferredEvents (
    EventID INT not null,
    Time DATETIME not null, 
    Subject VARCHAR(255) not null,
    Object VARCHAR(255) not null,
    Action VARCHAR(255) not null,
    Result VARCHAR(255)
);

Database Properties

In addition to the CAT Detect executable JAR, you will require a database.properties file to exist in the same directory as the JAR. This file contains the details CAT Detect needs to connect to the MySQL Server. An example file:

username = smithj
password = forensics
jdbc_driver = com.mysql.jdbc.Driver
host_and_port = localhost:3306

The username and password fields provide the username and password CAT Detect should use to connect to the MySQL Server.

The jdbc_driver field specifies which driver to use - it should probably be "com.mysql.jdbc.Driver" if you are using MySQL.

The host_and_port field specifies the host of the database server and the port on which it is listening. If you are running MySQL Server on the same computer as CAT Detect then this will usually be "127.0.0.1:3306" or "localhost:3306" unless you have changed the default settings.

Loading Data

If you wish, you can use the ParseCSV utility within the CAT Detect JAR to import data from a Comma Separated Values (CSV) file into a database table. It requires the database.properties file to connect to the database. The basic usage is as follows:

java net.sf.catdetect.util.ParseCSV r|i filename casename

The filename is the name of the CSV file to import. The casename is the name of the database to load the data into. Use r to specify that this data is to be loaded into the RecordedEvents table and i for the InferredEvents table.

The CSV file should consist of records formatted like the example files included in the CAT Detect release. The fields are:

EventID,Time,Subject,Object,Action,Result

An example record from "testinferredevents.csv":

931,09/10/2008 20:13:00,USER baddie27660658,WORDDOC letter from baddie to nefarious.doc14850080,CREATED,Success
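
A pre-import check for the CSV format described above, as an added example that is not part of CAT Detect or the original page: it validates each record against the six fields and the table definitions before ParseCSV is run. The name validate_events, the sample rows after the first, the day-first reading of the Time field and the use of standard CSV quoting are assumptions; the page does not state how ParseCSV parses dates or quoted fields.

```python
import csv
import io
import re
from datetime import datetime

FIELDS = ["EventID", "Time", "Subject", "Object", "Action", "Result"]
MAX_LEN = 255  # VARCHAR(255) columns in RecordedEvents / InferredEvents
TIME_FORMAT = "%d/%m/%Y %H:%M:%S"  # ASSUMPTION: day-first; the page does not state the order

# Constructed sample; only the first row is the example record from the page.
SAMPLE = (
    "931,09/10/2008 20:13:00,USER baddie27660658,"
    "WORDDOC letter from baddie to nefarious.doc14850080,CREATED,Success\n"
    "932,31/12/2008 08:00:00,USER alice,FILE report.doc,OPENED,\n"
    "abc,13/13/2008 20:13:00,USER bob,,DELETED,Success\n"
    "933,10/11/2008 09:00:00,USER carol,FILE a,b.txt,MODIFIED,Success\n"
)

def validate_events(text, time_format=TIME_FORMAT):
    """Check rows against the table definitions; returns rows, errors, ambiguous."""
    report = {"rows": [], "errors": [], "ambiguous": []}
    # ASSUMPTION: standard CSV quoting rules, as implemented by Python's csv module.
    for line_no, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if len(row) != len(FIELDS):  # e.g. an unquoted comma inside a file name
            report["errors"].append((line_no, f"expected 6 fields, got {len(row)}"))
            continue
        rec = dict(zip(FIELDS, (value.strip() for value in row)))
        errs = []
        if not re.fullmatch(r"-?[0-9]+", rec["EventID"]):
            errs.append("EventID is not an integer")
        try:
            ts = datetime.strptime(rec["Time"], time_format)
            # Day and month both <= 12 and different: the row parses either way,
            # so a wrong format would silently shift the event in the timeline.
            if ts.day <= 12 and ts.day != ts.month:
                report["ambiguous"].append(line_no)
        except ValueError:
            errs.append("Time does not match " + time_format)
        for name in FIELDS:
            if name != "Result" and not rec[name]:  # Result is the only nullable column
                errs.append(name + " is empty")
            if len(rec[name]) > MAX_LEN:
                errs.append(name + " exceeds 255 characters")
        if errs:
            report["errors"].extend((line_no, e) for e in errs)
        else:
            report["rows"].append(rec)
    return report

if __name__ == "__main__":
    result = validate_events(SAMPLE)
    print(len(result["rows"]), "valid;", result["errors"], result["ambiguous"])
```

Rows listed under "ambiguous" are worth checking against the original evidence source, since they load without error under either day-first or month-first parsing.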

Rules Base

As of version 1.3, CAT Detect supports user-defined rules, specified in XML. This should make it much more practical to use in real cases. See [Creating a Rules Base] for more information.

Test Setup

After you have installed MySQL, create a new database called "catdetecttest". Create the tables in this database as described in the section Table Format above. Replace the username and password in your database.properties file with a username and password of a MySQL user with access to "catdetecttest".

Then load the test CSV files into the database:
java net.sf.catdetect.util.ParseCSV r testrecordedevents.csv catdetecttest
java net.sf.catdetect.util.ParseCSV i testinferredevents.csv catdetecttest

Now generate the default rules base:
java net.sf.catdetect.util.ExportRulesBase

This will create a file called "rulesbase.xml" (you can also export the default rules base to a different file name by giving the desired file name as an argument to ExportRulesBase).

Start CAT Detect and type "catdetecttest" into the case name dialogue. You will also be asked to select an XML file as a rules base (pick "rulesbase.xml"). You can now run the test queries in the page [Test Queries].

