Advent of Cyber 4 writeup: A case study in digital forensics and incident response

Digital forensics and incident response, a term which is typically shortened to “DFIR,” is a necessary process for any organisation that wants to keep its computer systems, along with the data stored in them, safe. Malicious hackers who have enough motivation will eventually find a way to hack into a target computer system — sometimes even when the computer system in question is not connected to the internet (Berghel 2015; Greenberg 2018; Fino 2021). In this article, I will discuss my experience working out DFIR problems regarding a fictional case.

Some image components from: Miraculous Ladybug (2022) and “kuraxmasha” (n.d.).

Contents at a glance

1. Background
2. Procedure
3. Discussion
4. Conclusion
5. References

Background

Digital forensics can be defined as “the use of scientifically derived and [empirically demonstrated] methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources, […]” (Reith 2022) and incident response can be defined as “an organized approach to addressing and managing the aftermath of a security breach or cyberattack” (Chai et al. c.a. 2022). One can infer that…