In this chapter, the authors collected and defined different types of case studies based on cyber forensics. They tried to gather the latest as well as the oldest case studies. This chapter will help those who want to study different categories of cyber care and their forensics studies. The following scenarios are specific examples of the problems that have been faced by various organizations in the past. For reasons of client confidentiality and legal sensitivity, actual names have been changed.
TopGeneral Case Studies
Case Study 1
X, the sales manager of Company A gives 4 weeks' notice. Soon after he leaves, Company A receives advice from several clients that they received emails from an unknown Hotmail account containing defamatory information about Company A.
Computer Forensics NZ Ltd (CFNZ) is instructed to search for evidence on X’s PC that the emails originated from it. During the briefing, CFNZ suggests that the PC be examined for any evidence of any confidential data being copied to removable external media during the preceding 4 week7safe, (2013) s.
Every bit and byte on the PC’s hard disk is acquired and preserved using rigorous procedures as employed by NZ Police, the Serious Fraud Office, NZ Customs, etc. The data is then meticulously analyzed and various data (deleted) and system files are recovered showing that email data was created at the date and time that X was known to be operating the PC.
Detailed analysis also shows that during the last 3 days of X's employment 1 MYOB data file and 1 Microsoft Access file were copied to a USB drive. The files and detailed reports are provided to Company and appropriate discussions are held with the company’s legal advisors for recommended action.
Case Study 2
It was noticed by her manager that C’s work output had been dropping over the previous 3 weeks, which coincided with the provision of broadband Internet to her department. It is visually established that she is spending many hours Internet ‘surfing’, which is specifically banned under her terms of employment ACPO (2013).
She is cautioned appropriately but she continues with the unauthorized activity. Workmates also note that pornographic images are seen on her PC after the second caution.
The company subsequently dismisses her and within 14 days the company receives formal advice that it would be served with a charge of unjustified dismissal.
The manager convinces Management that all correct procedures were followed and that the Internet use was clearly beyond any amount or type that could be considered reasonable. Management decides to contest the action, especially as a significant amount of money is at risk, and instructs CFNZ to analyze her PC for evidence of excessive Internet activity and deliberate entry to pornographic sites.
Analysis of her PC by CFNZ shows that incontestable evidence exists proving that the company's assertions were correct. Finally, costs are awarded to the employer.
Case Study 3
Employee M is discovered stealing products from Finished Goods Store during lunch break. M is told to collect his personal effects from his office and report to the accountant in 30 minutes for final pay reconciliation Adams, R., (2012).
The next day his company laptop is inspected and the PC is found to have been formatted. Unfortunately, M’s PC contained important time-sensitive company data that was in My Documents and not part of the regular network backup. CFNZ is contacted and briefed as to the types of files required and queried as to whether it would be possible to determine the actual time that the disk was formatted.
Within seven days CFNZ has successfully recovered the complete suite of data and has ascertained that the formatting took place when M was known to be in the office collecting personal items.
The company seeks legal advice regarding the appropriate action to take because of the malicious deletion activities Aquilina, M.J., (2003).