Abstract
In digital forensics, examinations are carried out to explain events and demonstrate the root cause from a number of plausible causes. Yin’s approach to case study research offers a systematic process for investigating occurrences in their real-world contexts. The approach is well suited to examining isolated events and also addresses questions about causality and the reliability of findings. The techniques that make Yin’s approach suitable for research also apply to digital forensic examinations. The merits of case study research are highlighted in previous work that established the suitability of the case study research method for conducting digital forensic examinations. This research extends the previous work by demonstrating the practicality of Yin’s case study method in examining digital events. The research examines the relationship between digital evidence – the effect – and its plausible causes, and how patterns can be identified and applied to explain the events. Establishing these patterns supports the findings of a forensic examination. Analytic strategies and techniques inherent in Yin’s case study method are applied to identify and analyze patterns in order to establish the findings of a digital forensic examination.
Chapter PDF
Similar content being viewed by others
References
Bunge, M.: Philosophy of Science: From Problem to Theory, vol. 1. Transaction Publishers, New Brunswick (1998)
Carrier, B.: A Hypothesis-Based Approach to Digital Forensic Investigations, CERIAS Technical Report 2006–06, Center for Education and Research in Information Assurance and Security. Purdue University, West Lafayette (2006)
Casey, E.: Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet. Academic Press, Waltham (2011)
Cohen, F.: Digital Forensic Evidence Examination. ASP Press, Livermore (2010)
Garfinkel, S., Farrell, P., Roussev, V., Dinolt, G.: Bringing science to digital forensics with standardized forensic corpora. Digital Investigation 6(S), S2–S11 (2009)
Gladyshev, P., Patel, A.: Formalizing event time bounding in digital investigations. International Journal of Digital Evidence 4(2) (2005)
Grobler, C., Louwrens, C., von Solms, S.: A multi-component view of digital forensics. In: Proceedings of the IEEE International Conference on Availability, Reliability and Security, pp. 647–652 (2010)
Haber, L., Haber, R.: Scientific validation of fingerprint evidence under Daubert. Law, Probability and Risk 7(2), 87–109 (2008)
Inman, K., Rudin, N.: Principles and Practice of Criminalistics: The Profession of Forensic Science. CRC Press, Boca Raton (2000)
Kwan, M., Chow, K.-P., Law, F., Lai, P.: Reasoning about evidence using bayesian networks. In: Ray, I., Shenoi, S. (eds.) DigitalForensics 2008. ITIFIP, vol. 285, pp. 275–289. Springer, Boston (2008). doi:10.1007/978-0-387-84927-0_22
Lottery Post, Six now face charges in CT lottery scheme, March 23, 2016. www.lotterypost.com/news/301512
Maryland Lottery, What is 5 card cash? Baltimore, Maryland (2017). www.mdlottery.com/games/5-card-cash
National Institute of Justice and National Research Council, Strengthening Forensic Science in the United States: A Path Forward. National Academies Press, Washington, DC (2009)
Olivier, M.: On complex crimes and digital forensics. In: Kayem, A., Meinel, C. (eds.) Information Security in Diverse Computing Environments. IGI Global, Hershey, Pennsylvania, pp. 230–244 (2013)
Olivier, M.: Combining fundamentals, traditions, practice and science in a digital forensics course. Presented at the South African Computer Lecturers’ Association Conference (2014)
Olivier, M.: Towards a digital forensic science. In: Proceedings of the Information Security for South Africa Conference (2015)
Olivier, M., Gruner, S.: On the scientific maturity of digital forensics research. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2013. IAICT, vol. 410, pp. 33–49. Springer, Heidelberg (2013). doi:10.1007/978-3-642-41148-9_3
Oyelami, O., Olivier, M.: Using Yin’s approach to case studies as a paradigm for conducting examinations. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2015. IAICT, vol. 462, pp. 45–59. Springer, Cham (2015). doi:10.1007/978-3-319-24123-4_3
Pearl, J.: Causality: Models, Reasoning and Inference. Cambridge University Press, Cambridge (2009)
Pollitt, M.: Digital forensics as a surreal narrative. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2009. IAICT, vol. 306, pp. 3–15. Springer, Heidelberg (2009). doi:10.1007/978-3-642-04155-6_1
Pollitt, M.: History, historiography and the hermeneutics of the hard drive. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2013. IAICT, vol. 410, pp. 3–17. Springer, Heidelberg (2013). doi:10.1007/978-3-642-41148-9_1
Tewelde, S., Gruner, S., Olivier, M.: Notions of hypothesis in digital forensics. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2015. IAICT, vol. 462, pp. 29–43. Springer, Cham (2015). doi:10.1007/978-3-319-24123-4_2
Willassen, S.: Hypothesis-based investigation of digital timestamps. In: Ray, I., Shenoi, S. (eds.) DigitalForensics 2008. ITIFIP, vol. 285, pp. 75–86. Springer, Boston (2008). doi:10.1007/978-0-387-84927-0_7
Yin, R.: Applications of Case Study Research. Sage Publications, Thousand Oaks (2012)
Yin, R.: Case Study Research: Design and Methods. Sage Publications, Thousand Oaks, California (2013)
Young, T.: Forensic Science and the Scientific Method, Heartland Forensic Pathology, Kansas City, Missouri (2007). www.heartlandforensic.com/writing/forensic-science-and-the-scientific-method
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 IFIP International Federation for Information Processing
About this paper
Cite this paper
Oyelami, O., Olivier, M. (2017). Establishing Findings in Digital Forensic Examinations: A Case Study Method. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XIII. DigitalForensics 2017. IFIP Advances in Information and Communication Technology, vol 511. Springer, Cham. https://doi.org/10.1007/978-3-319-67208-3_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-67208-3_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67207-6
Online ISBN: 978-3-319-67208-3
eBook Packages: Computer ScienceComputer Science (R0)
