Advent of Cyber 4 writeup: A case study in digital forensics and incident response
Digital forensics and incident response, a term which is typically shortened to “DFIR,” is a necessary process for any organisation that wants to keep its computer systems, along with the data stored in them, safe. Malicious hackers who have enough motivation will eventually find a way to hack into a target computer system — sometimes even when the computer system in question is not connected to the internet (Berghel 2015; Greenberg 2018; Fino 2021). In this article, I will discuss my experience working out DFIR problems regarding a fictional case.

Contents at a glance
- Background
- Procedure
- Discussion
- Conclusion
- References
Background
Digital forensics can be defined as “the use of scientifically derived and [empirically demonstrated] methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources, […]” (Reith 2022) and incident response can be defined as “an organized approach to addressing and managing the aftermath of a security breach or cyberattack” (Chai et al. c.a. 2022). One can infer that…