Gallery

CASE Topics

Chain of Custody

The Chain of Custody is crucial in investigations because it helps establish and maintain the integrity of evidence throughout its various stages (e.g., seizure, transfer, and analysis). Due to the increasing reliance on digital media in our everyday tasks, digital components are becoming more prominent in investigations. CASE seeks to represent the cyber aspect of a Chain of Custody. The aspects that can be represented in CASE are the properties of a device (manufacturer, model, serial number, storage size, etc.), the tools used to acquire and/or analyze the device, and the context of data pertaining to the device.

Some examples of Chain of Custody in the cyber-investigation domain include Urgent Evidence and IR (Incident Response).

Urgent Evidence

Owl Trafficking

This investigative scenario emulates illegal activities involving the trafficking of vulnerable victims and the download and exchange of related pictures. The dataset includes a Windows 10 computer and an Android 6.0 smartphone.

Dataset generation: The dataset was created by students at Marshall University.

In a jurisdiction where owls are illegal to trade and buy, two individuals are suspected of illegally trading owls. A computer and smartphone are collected as evidence and forensic examination is performed to determine whether the user is attempting to purchase owls illegally.


Asgard

An unknown person caused a public disturbance and physical damage to property in Asgard, resulting in denial of service of public transportation (Bifrost Bridge).


Crossover

Two seemingly unrelated investigations, one a bank robbery and the other dealing with weapons, actually have a connection.


Hardware Duplicator

A cross-border investigation starts with the forensic acquisition of storage media.
