Join Us!

Case studies - what...
 
Notifications
Clear all

Case studies - what would you find useful?  

Page 1 / 2
  RSS
Jamie
(@jamie)
Community Legend

Following on from an earlier discussion, I'd like to revisit the idea of "case studies".

What would people find useful in a case study, e.g. what subject areas would we like to see covered, what level of expertise, what format should it take etc.?

If I can gain a better understanding of what people are looking for I may be able to facilitate something in future.

Please let me know your thoughts, thank you.

Jamie

Quote
Posted : 05/02/2012 5:12 pm
mmingos
(@mmingos)
New Member

Following on from an earlier discussion, I'd like to revisit the idea of "case studies".

What would people find useful in a case study, e.g. what subject areas would we like to see covered, what level of expertise, what format should it take etc.?

If I can gain a better understanding of what people are looking for I may be able to facilitate something in future.

Please let me know your thoughts, thank you.

Jamie

I am rather new to Forensics and recently i was looking for a template on how will i conduct my research. For example i had a child abuse wife that wanted proof on her husband's computer. So she brought to us 3 computers. We found some normal porn in the first but nothing important on the others. But we would like some help on what it would be considered suspicious to further research in such case. Also what terms we should be looking for in order to find such material. What sites we should be looking for ?

ReplyQuote
Posted : 05/02/2012 7:23 pm
JohnCrawford
(@johncrawford)
New Member

Jamie -

Useful case studies would include either unique solutions to commonly encountered problems or the application of a common solution to uncommon problems.

I don't believe that description is particularly helpful to you, but it occurs to me that sharing these type of experiences without disclosing any confidential or proprietary information will tend to elevate the skill level of all of your readers.

If this style of case study turns out to be what your readership is looking for after the survey results are in, I'd be happy to provide an example of one such case from my practice for you to use.

All my best,

John Crawford

ReplyQuote
Posted : 05/02/2012 7:31 pm
t3chb0y
(@t3chb0y)
New Member

Jamie,
Similar to John, I'd be interested in unique and uncommon situations and solutions. But also, for mmingos and newcomers to the practice, outlining a basic investigation, whether it be for child porn or looking for evidence on a lost/missing teenagers PC. The how's. why's and where's of an investigation could be of benefit to many. Especially those that have not had the advantage of advanced forensic training coupled with investigative experience.
That said, both basic and unique situations would be of interest. I'm sure that most any investigation might prompt valuable discussion.
I'd also be willing to provide examples, if desired.
-Mike

ReplyQuote
Posted : 05/02/2012 11:53 pm
Draxsr
(@draxsr)
New Member

I'd like to add that people new to the discipline are well versed in the technical aspects but have no practical knowlege of how the investigation itself has been worked. So like those above, I'd like to see scenarios and how the investigator worked through the investigation. Why did they do this? What prompted them to look here? What is SOP (standard operating proceedure) and why (and how) did they deviate? Things like that.

Dennis

ReplyQuote
Posted : 06/02/2012 6:17 am
Hosserdog
(@hosserdog)
New Member

As a "newbie", I would LOVE the scenarios Draxsr discussed! Working with actual cases and learning the why's and wherefores from an experienced investigator's point of view would be AWESOME!!
Any type of case would be a bonus!

Jan

ReplyQuote
Posted : 06/02/2012 7:19 am
Jamie
(@jamie)
Community Legend

Thank you for those replies. I think all the suggestions are broadly in line with what I had in mind myself but it's always worth checking that I'm on the same page as everyone else!

This is probably going to be easier to get off the ground if we can kickstart it with one or two examples to begin with. I'd certainly like to take up those offers of cases which we can use to get the ball rolling so do please feel free to forward something to me (text file, Word doc etc) on admin@forensicfocus.com and we can take it from there. I don't think there's any need to be too specific about requirements at this stage other than to state that a reasonable *minimum* word count is probably in the region of 700-1000 words and that as long as the piece is written with a view to explaining the thinking behind the decision making process during an investigation it should be ideal material to use as a case study.

Jamie

ReplyQuote
Posted : 06/02/2012 8:17 pm
keydet89
(@keydet89)
Community Legend

…we would like some help on what it would be considered suspicious to further research in such case.

In order to address this question, it really depends on the operating system in question. For example, on Windows systems, I would look to see what viewer applications are installed and used on the system, and check the most-recently-used (MRU) locations for those applications…the locations depend upon the version of Windows.

Also what terms we should be looking for in order to find such material. What sites we should be looking for ?

When I've addressed these situations, I haven't done so via this avenue. Not being a sworn/badged officer, I most often look to MRU locations, and pass file names and locations to the investigator.

I don't think that looking for specific sites or keywords is really the solution, but it does appear to be what's taught to most investigators. IMHO, the preferable approach is to start by looking at what images/movies the user was viewing, and work from there…

ReplyQuote
Posted : 07/02/2012 5:22 pm
keydet89
(@keydet89)
Community Legend

I've provided case studies via my blog and books, so I guess what I'm most interested in is, if those haven't been sufficient, could those who are asking for case studies provide examples? I'm seeing a lot of requests for case studies, but at the same time I'm not seeing anyone (particularly those *asking* for case studies) providing any. I think it would be helpful to understand what it is folks are looking for…

ReplyQuote
Posted : 07/02/2012 8:32 pm
keydet89
(@keydet89)
Community Legend
JLJR
 JLJR
(@jljr)
New Member

If anyone could provide a good case study on investigating social networks that would be great.
For example investigating someone that is suspected of causing online harassment/abuse/stalking etc by using facebook and other sites to cause harm to their victim.

Even a basic step by step guideline type would be very useful.

ReplyQuote
Posted : 09/02/2012 3:14 am
keydet89
(@keydet89)
Community Legend

If you were asked to analyze the system of someone suspected of "cyberbullying" or stalking, I would think that the approach would be something like

1. Get as much information as you can about the activities…user accounts, screen names, etc., of both the suspect and the target. Also look for specific unique words or phrases the suspect may have used. You can also use these to perform Google searches to look for any other possible accounts or screen names.

2. Determine which browser(s) were used, and retrieve and analyze the history and cache.

3. Perform an examination of unallocated space, the pagefile, or any hibernation files to look for indication of activity. This is where EnCase's Search Preview capability is very useful…I've written my own versions of this using Perl, as the technique itself is valuable.

4. Look for indications of smart phone backup files on the system as a secondary source of data.

HTH

ReplyQuote
Posted : 09/02/2012 6:23 pm
jhup
 jhup
(@jhup)
Community Legend

In general, I like to learn work flow, methodology, and thought pattern, not necessarily the nitty gritty of the technical details.

What step must be done prior to an other step?
Why go down one path of analysis, but ignore or abandon an other?
What tools were used with a problem?

I am not really interested in reading about the basics of how to image, chain of custody, write blocking, carving, etc. the banal, the push-button, the "you should know this already" material.

Following on from an earlier discussion, I'd like to revisit the idea of "case studies".

What would people find useful in a case study, e.g. what subject areas would we like to see covered, what level of expertise, what format should it take etc.?

If I can gain a better understanding of what people are looking for I may be able to facilitate something in future.

Please let me know your thoughts, thank you.

Jamie

ReplyQuote
Posted : 09/02/2012 11:32 pm
keydet89
(@keydet89)
Community Legend

jhup,

Do you have an example you can share, or refer to?

ReplyQuote
Posted : 10/02/2012 1:27 am
jhup
 jhup
(@jhup)
Community Legend

Hmmm. I am corporate FI so all my work is tied to my firm, therefore all the cases are intertwined with the quirkiness of this specific corporate culture…

I maybe able to talk about scenarios where i got stuck, and how root cause analysis prompted security to implement something to prevent the same scenario in the future . . . ?

ReplyQuote
Posted : 10/02/2012 10:32 pm
Page 1 / 2
Share: