Investigative Case Files

These case files represent completed and developing simulated investigations used to demonstrate structured forensic methodology, disciplined evidence handling, and analytical reasoning.

Note: Content is simulated/academic. All cases are conducted in controlled lab environments for academic and professional development purposes.

CASE-001
Completed

After-Hours Network Activity Investigation

A completed, simulated digital forensics investigation analyzing recurring after-hours outbound HTTPS activity. The case demonstrates baseline comparison, packet-level traffic analysis, persistence validation, and structured timeline reconstruction within a controlled lab environment.

Evidence Examined:

  • PCAP Files
  • TCP Conversation Statistics
  • Windows Scheduled Task Artifact

Investigative Questions:

  • What explains recurring outbound HTTPS sessions during non-business hours?
  • How does after-hours behavior differ from baseline traffic?
  • What host-based artifact correlates with observed network activity?

CASE-002
Planned

Linux Web Server Compromise Investigation

Planned DFIR simulation on an isolated lab network: deterministic web exploit (DVWA) → foothold shell → root via misconfiguration → persistence (SSH authorized_keys + systemd service) → staged data exfiltration (scp/curl) with evidence-backed timeline reconstruction.

Evidence Examined:

  • Web Server Logs (Apache)
  • Auth & System Logs
  • Persistence Artifacts (SSH + systemd)

Investigative Questions:

  • What exploit traffic and host artifacts prove initial access via the web application?
  • What evidence supports privilege escalation via misconfiguration (sudoers/SUID/cron)?
  • What persistence mechanisms exist (authorized_keys + systemd), and when were they established?
  • What artifacts/logs confirm staged data exfiltration (scp/curl) and its timing?
  • What is the reconstructed timeline (exploit → shell → root → persistence → exfil)?

Investigation Summary

  • Total Cases: 2
  • Completed: 1
  • Planned: 1