Case 1: Fraud Investigation
It was alleged that an accountant of a large corporate company had set up a bank account and was fraudulently moving funds from the company into his own account. The suspect had been alerted that he was under investigation and tried to delete information from his hard drive. The company engaged a computer forensics specialist to analyze the suspect's workstation and produce a forensics report on the alleged fraud. The report showed that the suspect had been performing unauthorized transactions of money from the company to his own account and there were traces of such evidence on the hard drive.
Case 2: Indecent Images
Police were informed by a cleaner working for a large company that she found some printed indecent images in the office of the suspect. The police investigation began and the suspect's computer was sent to a computer forensics lab for analysis. The suspect had already stated that he had an alibi for a certain period of time as he had lent his computer to a friend. The investigation therefore focused on dates surrounding this period so that any evidence could be linked to that particular suspect. Anti-forensic software had been used to try to erase the images; however, text strings and partial images were discovered in the unallocated space of the hard drive. This evidence was enough to charge the suspect with the possession of indecent images.
Case 3: Internet History (Internet Misuse)
Some employees of a large IT company were under suspicion due to a clear lack of productivity. The top management suspected that these employees were wasting time by visiting social networking and internet auction sites during working hours. A computer forensics team was called in to investigate the computers of the suspects, paying particular attention to internet history. The results of the investigation were even more shocking than the management expected and gave a clear picture of the activities of the suspects. The report outlined that the employees had been using both online auction sites and their own websites to sell not only personal items but also goods belonging to the company, such as unused laptops, electrical cables and CDs. All other computers within the company also had to be investigated to determine exactly which members of staff took part in, or helped to cover up, the misuse.
Case 4: Hacking
One day, an experienced worker realized that an unauthorized user was gaining access to the company's computer. The symptoms were described as frustrating: files were being deleted, and programs were opening and closing without user intervention. The company's computers had a commercial remote administration software product installed by the IT department; this software was not configured correctly and was allowing remote access to hackers, making it possible for them to view and fully interact with the computers from any other computer or mobile device anywhere on the Internet. In this case, the server and the relevant workstations were forensically imaged and examined by computer forensics experts to identify any signs of unauthorized access via hacking tools, security exploits or viruses.
Case 5: Intellectual Property Theft
One contractor returned his company laptop stating that he had deleted the relevant database and that he had copied confidential company information which he was going to use to set up his own company. The company's IT department realized that there was no backup of the database which had been deleted from the laptop. Subsequently, the company's IT Security manager contacted a computer forensics specialist, requesting recovery of the deleted database files and a check of whether any company information had been copied to removable media. By utilizing various data recovery techniques, it was possible to recover files or portions of files that were deleted.
Case 6: Games Piracy
A computer game development company had to protect its reputation against pirated products which had affected its image, brand and profitability. Many consumers believe that the pirated product is a legitimate one when in most circumstances it is of a very low quality. Police and a computer forensics unit were called to rescue the organization from the piracy activities. A suspect's computer was seized and experts undertook a forensics investigation of it. During examination, it was found that a program to wipe data and potential evidence had been recently executed on the computer. Despite this, the computer forensics unit was still able to gather a range of evidence that revealed information about the piracy syndicate.
Case 7: Mobile Phone Analysis - Video retrieval
A computer forensics specialist was asked to analyze a mobile phone in relation to a serious assault case. It was alleged that a young boy had conducted a serious assault on another child while his friend took pictures on his mobile phone. Police were informed that there was evidence on the mobile phone. Using a wide range of specialist software, the forensics analysts recovered the pictures and a deleted multimedia text message sent to another child with one of the pictures attached to it. The suspect did not expect that the deleted files could be recovered.
Case 8: Password Recovery
An employee forgot the password to a password-protected Word document that she had created. It had taken her 3 months to prepare it and the deadline for submission was just 5 days away. To make it worse, she did not back up the file. Thus, she engaged a computer forensics specialist to break the password. The specialist managed to break the password by using some special skills and password recovery tools.