Original source of fact pattern: https://resources.infosecinstitute.com/computer-forensics-investigation-case-study/
1. A Computer Forensic investigator generally investigates the data
which could be taken from computer hard disks or any other storage
devices with adherence to standard policies and procedures to determine
if those devices have been compromised by unauthorized access or not.
2. Computer Forensics investigators work as a team to investigate the
incident and conduct the forensic analysis by using various
methodologies (e.g. Static and Dynamic) and tools (e.g. FTK or EnCase)
to ensure the computer network system is secure in an organization.
3. A successful Computer Forensic investigator must be familiar with
various laws and regulations related to computer crimes in their country
(e.g. Computer Misuse Act 1990, the UK) and various computer operating
systems (e.g. Windows, Linux) and network operating systems (e.g. Win
4. Public investigations and Private or Corporate investigations are
the two distinctive categories that fall under Computer Forensics
investigations. Public investigations will be conducted by government
agencies, and private investigations will be conducted by a private
computer forensic team.
1. A new start-up SME (small-medium enterprise) based in Luton has
recently begun to notice anomalies in its accounting and product
2. This SME has also noticed that their competitors seem to be
developing products that are very similar to what they are doing which
suggests potential intellectual property theft.
3. The SME has undertaken an initial check of system log files, and there
are several suspicious entries and IP addresses with a large amount of
data being sent outside the company firewall.
4. The SME has also recently received several customer complaints saying
that there is often a strange message displayed during order processing,
and they are often re-directed to a payment page that does not look
5. The company makes use of a general purpose eBusiness package
(OSCommerce) and has a small team of six IT support professionals, but
they do not feel that they have the expertise to carry out a full scale
6. As there is increased competition in the hi-tech domain, the
company is anxious to ensure that their systems are not being
compromised either internally or externally and they have employed a
digital forensic investigator to determine whether any malicious
activity has taken place, and to ensure that there is no malware within
7. The company uses Windows 10 for its servers. Patches are applied
by the IT support team on a monthly basis, but the team has noticed that
a number of machines do not seem to have been patched.
8. The company provides mobile devices (Apple iOS) to its employees and the iPhones are considered corporate assets.
9. The company also has several employees who use non-corporate mobile
devices for work but they are not considered corporate assets.
10. The company uses Microsoft Exchange with an enterprise email
server environment where every employee has their own corporate email
11. The company’s network is composed of routers, firewalls, hubs, and active directory domain servers.
12. Many of the employees also carry tech-wearables, e.g. Fitbit,
smart watches, etc., that can be plugged into a computer via a USB port
for charging and/or for data transfer.
13. The company has several employees in the United States and
several in the European Union region (EU) e.g. two of them are in
14. Your task, as an attorney and a trained forensic investigator, is
to supervise a digital forensics investigation to see whether you can
prepare a case against the perpetrators.
15. This task may require investigating all employees including emails, the network, mobile devices, computers, etc.
16. In addition to overseeing an investigation you are asked to
advise the company of its legal rights e.g. what the company may or may
not do especially if you are planning to collect devices or emails.
Your deliverable in this assignment is a 3-page report (no
more than 3 pages please) discussing how you would approach the
following Digital Forensic Investigation. As part of this report you
1. Outline and discuss the methodology that you will use.
2. Provide a reasoned argument as to why the particular methodology (or methodologies) chosen is relevant.
3. Identify key facts and key considerations from a
technical / forensic standpoint that the company should
4. Identify key facts and key considerations from a legal standpoint that the company should consider.
5. Discuss in detail (step by step) the process that you will
use to collect evidence and discuss the relevant guidelines that need
to be followed when collecting digital evidence.
6. Be sure to back your reasoning with case law as applicable.