In line with the project deliverables, Palestinian and Jordanian partners formulated a set of case studies that can be used by instructors as supporting materials for lab work. These case studies were selected based on their relevance to the newly designed forensics curricula. Below is a summary of each case study as designed by each partner. The case studies and associated resources have been uploaded to a shared server and made available to each partner. (Note that the listed case studies are just a sample of those that have been proposed and made available by project partners.)
Title of the Case Study: Unauthorised Modification of Staff Attendance Records
Summary : A person named H.D. has obtained the passwords for fingerprint devices. The latter devices are responsible for recording the arrival and departure of staff at an institution. H.D. has modified the attendance records of some staff by changing their state from present to absent and vice-versa. The result of this process is the modification of records associated with a particular staff group.
Objectives : There are a number of objectives to this study that shall be carried out by students including determining whether the attacker acted alone, whether an administrator's password was compromised, etc.
Title of the Case Study: Pirate Movies
Summary : ABC Inc. is a small software development company with a team of three programmers and a single network and infrastructure administrator. The company’s Internet usage policy clearly prohibits the employees from visiting and using Torrent websites in order to avoid any legal liability on the company's part associated with illegal downloading of copyrighted materials. The company received a detection notice of copyright infringement from its ISP claiming that the static IP address leased to the company has allegedly been detected downloading pirated movies and TV series on August 27th, 2017. The company management has hired a private investigation firm to perform a digital forensics investigation to determine who is responsible for this Internet usage policy violation.
Objectives : The objective is to perform a forensic investigation on the company’s network and answer specific questions regarding the alleged policy violation including whether a specific user is responsible, etc.
Title of the Case Study: The Drug Mule Case
Summary : The case centres on a criminal Investigation into a drug smuggling network. It concerns a 21 year-old student of liberal arts attending the Chicago Community College for Arts and Science. The student was routinely stopped by the immigration officer at Queen Alia International Airport (QAIA). During one of their visits, and following a full-body scan, the student was found to be concealing drugs in their stomach. The student was arrested and the investigation went on to determine their motives and the destination of the drugs. The study requires investigating the trip details, the student's previous visits and their travel route before arrival in Amman.
Objectives : The objective is to perform a forensic investigation on the devices seized from the passenger and answer specific questions related to whether he was aware of the drugs he was concealing and whether he was a member of a drug smuggling network. The study also explores how the files on these devices can be analysed even if encrypted, etc.
Title of the Case Study: Internet Extortion
Summary : The study concerns an individual (identified as Y.S.) who was subjected to extortion and intimidation by an unknown individual (identified as N.W.) on the Facebook social networking site. N.W. threatened to publish pornographic images of Y.S. and his family, as well as create fictitious accounts in the names of others in his social media circle, and to contact his friends via various social networking sites. To avoid this, Y.S. was told to carry out a money transfer to N.W. in Morocco, in which case the material would not be released.
Objectives : The objective is to investigate the materials related to the case and answer specific questions such as whether the the extortion was actually carried out, whether the extortionist working alone, or as part of a team, whether the victim activated all security options available on their devices, etc.