Digital Forensics Case Study

Digital Forensics Investigation Case Study

A postgraduate digital forensics investigation involving disk image analysis, network traffic examination, artefact recovery, timeline reconstruction, and evidence reporting.

Overview

Investigation scenario

This case study is based on postgraduate digital forensics coursework. The scenario involved investigating a compromised Windows workstation and analysing evidence from disk images, network captures, and system artefacts.

Investigation methodology

Evidence Acquisition
Evidence Preservation
Disk & Network Analysis
Artefact Recovery
Timeline Reconstruction
Investigation Report

This investigation followed established digital forensic principles of evidence acquisition, preservation, systematic analysis, and objective reporting.

Approach

Forensic activities performed

Evidence Analysis

Reviewed disk image artefacts, suspicious files, metadata, and system activity.

Network Examination

Analysed packet captures to identify suspicious communications, network behaviour, and potential data exfiltration.

Reporting

Produced structured findings suitable for technical and non-technical audiences.

Tools

Tools Used

Tools used included Autopsy, FTK Imager, Wireshark, NetworkMiner, WinHex, and Windows Event Log analysis.

Skills demonstrated

What this case study shows

Digital Forensics

Evidence handling, artefact analysis, and investigative methodology.

Incident Investigation

Understanding compromise indicators, timelines, and likely attack activity.

Clear Communication

Turning technical evidence into a structured intelligence report.

Academic context

Postgraduate investigation work

This case study is based on postgraduate cybersecurity coursework and is presented to demonstrate forensic methodology, evidence analysis, cyber investigation, and structured reporting. It does not represent commercial client work.
