Unit 1 Revised

Digital Forensics is the process of identifying, preserving, analyzing, and presenting digital evidence for legal proceedings, crucial in cybercrime and corporate investigations. It encompasses various types such as computer, network, mobile, and cloud forensics, and follows phases including identification, preservation, analysis, documentation, and presentation. Legal and ethical challenges are significant in this field, necessitating adherence to privacy laws, proper evidence handling, and maintaining the integrity of investigations.

1. Overview of Digital Forensics

Digital Forensics refers to the process of
identifying, preserving, analyzing, and presenting
digital evidence in a legally admissible manner. It
plays a crucial role in investigating cybercrimes,
corporate incidents, and other activities involving
digital systems. Below is a breakdown of the
field:

Key Concepts

1. Definition: Digital forensics involves examining digital devices, networks, and systems to uncover evidence of crimes, breaches, or misuse.
2. Objective: The main goal is to collect and analyze digital evidence while maintaining its integrity and ensuring it can be used in legal proceedings.
3. Scope: Digital forensics applies to various contexts, including cybercrime investigations, fraud detection, intellectual property theft, and internal corporate investigations.

Types of Digital Forensics

1. Computer Forensics: Focuses on evidence recovery from personal computers, laptops, and servers.
2. Network Forensics: Examines network activity, logs, and communications to identify breaches, attacks, or unauthorized access.
3. Mobile Device Forensics: Analyzes data from smartphones, tablets, and other mobile devices, including calls, texts, GPS data, and app usage.
4. Cloud Forensics: Investigates evidence held on cloud platforms, including logs, metadata, and virtual environments. Because the investigator has no physical access to the provider's hardware, acquisition usually relies on the provider's APIs, audit logs, and snapshots, and on legal process directed at the provider.
5. IoT Forensics: Focuses on evidence from Internet of Things (IoT) devices like smart home systems, wearables, and connected cars.
6. Database Forensics: Deals with retrieving and analyzing data stored in databases, including their transaction logs, to trace unauthorized transactions or data manipulation.

Phases of Digital Forensics

1. Identification: Recognizing potential evidence sources, such as devices, servers, or cloud storage.
2. Preservation: Securing data to prevent tampering or loss. This may involve imaging drives through a write-blocker, hashing the image at the moment of acquisition, or isolating systems from the network.
3. Analysis: Examining the data using forensic tools to reconstruct events, identify perpetrators, or uncover deleted or hidden information.
4. Documentation: Recording all findings with detailed notes, screenshots, and reports so that the work is clear, repeatable, and legally defensible.
5. Presentation: Presenting findings in court or to stakeholders, often involving expert testimony.

Tools and Techniques

Digital forensics relies on specialized tools such as:
- EnCase, FTK (Forensic Toolkit), and Autopsy for disk and file system analysis.
- Wireshark and Snort for network capture and monitoring.
- Cellebrite and XRY for mobile forensics.

Core techniques include data carving, hash analysis, and metadata analysis:
1. Data carving: Recovering deleted, fragmented, or corrupted files from a storage device (e.g., hard drive, USB stick, memory card) without relying on the file system, typically by scanning the raw bytes for known file headers and footers.
2. Hash analysis: Generating a cryptographic hash value (MD5, SHA-1, SHA-256) for a file or disk image. The hash proves that an image has not changed since acquisition and lets files be matched against known-good or known-bad hash sets. MD5 and SHA-1 are collision-broken, so SHA-256 (often recorded alongside MD5 for compatibility with older hash sets) is the expected choice for integrity verification.
3. Metadata extraction: Metadata is the descriptive information embedded in or stored alongside a file (e.g., creation date, modification date, author, GPS location). It is easy to alter, so it corroborates a timeline rather than proving one on its own.
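Data carving, as an added worked example (not code from the original notes or from any of the tools named above): the script scans a constructed raw byte buffer for PNG and JPEG header/footer signatures, carves each match, flags a header whose footer never arrives as truncated instead of dropping it, and hashes every carved object so it can go straight into the evidence record. The signatures are real; the "disk image" and the files inside it are fabricated for the demonstration, and fragmented files are not reassembled (PhotoRec, Scalpel and foremost add that).

```python
"""Signature-based file carving over a raw byte image.

Added example for these notes, not code from the original document or any
named forensic tool. The "disk image" is a constructed byte buffer with two
whole files and one truncated file dropped between runs of unallocated zeros.
"""
import hashlib

# Header and footer byte signatures. PNG ends with the IEND chunk (type + CRC);
# JPEG ends with the End-Of-Image marker FF D9.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
}


def carve_files(image: bytes, max_size: int = 10 * 1024 * 1024) -> list:
    """Return every header/footer pair found in `image`, sorted by offset.

    A header with no footer inside `max_size` bytes is still reported, flagged
    complete=False, so a truncated or partly overwritten file is not silently
    lost. Fragmented files are NOT reassembled.
    """
    carved = []
    for ftype, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            window_end = min(pos + max_size, len(image))
            foot = image.find(footer, pos + len(header), window_end)
            if foot != -1:
                end, complete = foot + len(footer), True
            else:
                end, complete = window_end, False
            data = image[pos:end]
            carved.append({
                "type": ftype,
                "offset": pos,
                "length": len(data),
                "complete": complete,
                # hash each carved object immediately so it can be entered in
                # the evidence record and matched against hash sets
                "sha256": hashlib.sha256(data).hexdigest(),
                "data": data,
            })
            pos = image.find(header, end)  # resume after the carved object
    carved.sort(key=lambda rec: rec["offset"])
    return carved


# --- constructed sample image (not real evidence) ----------------------------
FILLER = b"\x00" * 256  # unallocated space between files
FAKE_PNG = (SIGNATURES["png"][0] + b"\x00\x00\x00\rIHDR" + b"\x01" * 17
            + b"\x00\x00\x00\x00" + SIGNATURES["png"][1])
FAKE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x42" * 40 + b"\xff\xd9"
TRUNCATED_PNG = SIGNATURES["png"][0] + b"\x00\x00\x00\rIHDR" + b"\x07" * 30
IMAGE = FILLER + FAKE_PNG + FILLER + FAKE_JPEG + FILLER + TRUNCATED_PNG + FILLER

if __name__ == "__main__":
    for rec in carve_files(IMAGE):
        state = "complete" if rec["complete"] else "TRUNCATED"
        print(f"{rec['type']:5} @ {rec['offset']:6} {rec['length']:5} bytes "
              f"{state} sha256={rec['sha256'][:16]}...")
```

The truncated PNG is the case that matters in practice: a carver that only emits header-to-footer pairs would report two files and hide the third, whereas an examiner wants to see the partial object and decide what it was.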
Applications
- Law Enforcement: Solving cybercrimes such as hacking, fraud, and child exploitation.
- Corporate Investigations: Detecting insider threats, data breaches, or policy violations.
- Incident Response: Identifying and mitigating security incidents.
- Legal Evidence: Supporting civil litigation and intellectual property disputes.

Challenges
1. Data Volume: The sheer size and diversity of modern data can complicate investigations.
2. Encryption: Encrypted files and communications cannot, in practice, be opened by attacking modern ciphers directly. Investigators instead recover keys from live memory, locate unencrypted backups or synced copies, attack weak passwords, or obtain keys through legal process.
3. Evolving Technology: Rapid innovation in devices and software necessitates constant updates to forensic methods and re-validation of tools.
4. Legal and Ethical Issues: Ensuring privacy, adhering to jurisdictional laws, and maintaining the chain of custody.

The chain of custody in digital forensics refers to the documented record of collecting, handling, storing, and transferring digital evidence, kept so that its integrity and admissibility in court can be demonstrated. It shows who held the evidence, when, and for what purpose, and (together with acquisition hashes) that the evidence has not been altered or tampered with during the investigation.

Key Principles of Digital Forensics

Digital forensics is guided by the following principles to maintain the credibility of evidence:
1. Admissibility: Evidence must be relevant, reliable, and legally obtained to be accepted in court.
2. Integrity: The evidence must remain unchanged during the investigation, necessitating tools like write-blockers to protect original data and hashes to prove that working copies still match the original.
3. Repeatability: The analysis must be repeatable by other experts under similar conditions to validate results, which requires recording the tool versions, settings, and steps used.
4. Chain of Custody: Documenting the handling of evidence from the point of collection to presentation ensures that its integrity is not compromised.
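Integrity and chain of custody in practice, as an added example (not code from the original notes or any forensic suite): a streaming hash of an image in chunks, an acquisition record, re-verification that reports which algorithm failed, and a custody log in which every entry commits to the hash of the previous one, so editing or removing an entry is detectable afterwards. The evidence bytes, evidence ID and personal names are constructed placeholders.

```python
"""Acquisition hashing, re-verification and a tamper-evident custody log.

Added example for these notes, not code from any forensic suite. The
evidence bytes, evidence ID and names are constructed placeholders.
"""
import hashlib
import io
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev-hash value for the first custody entry


def hash_stream(fileobj, algorithms=("md5", "sha256"), chunk_size=1 << 20) -> dict:
    """Hash a file-like object in chunks so a multi-terabyte image never has
    to fit in memory. Both digests come from one read pass: MD5 because older
    tools and hash sets still report it, SHA-256 because MD5 is
    collision-broken and must not be the only integrity check."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    while chunk := fileobj.read(chunk_size):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(image: bytes, chunk_size=1 << 20, algorithms=("md5", "sha256")) -> dict:
    """Convenience wrapper for in-memory data (real images come from a file)."""
    return hash_stream(io.BytesIO(image), algorithms, chunk_size)


def acquisition_record(evidence_id: str, examiner: str, image: bytes) -> dict:
    """What was acquired, by whom, when, and its hashes at that moment."""
    return {"evidence_id": evidence_id, "examiner": examiner,
            "acquired_utc": datetime.now(timezone.utc).isoformat(),
            "size": len(image), "hashes": hash_bytes(image)}


def verify_integrity(record: dict, image: bytes):
    """Re-hash and report (all_match, [algorithms that no longer match])."""
    current = hash_bytes(image, algorithms=tuple(record["hashes"]))
    bad = [a for a, d in record["hashes"].items() if current[a] != d]
    return (not bad, bad)


def _entry_digest(entry: dict) -> str:
    """SHA-256 over canonical JSON of everything except the hash itself."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def add_custody_entry(log: list, record: dict, action: str, person: str) -> dict:
    """Append one custody event. Each entry commits to the previous entry's
    hash, so editing or removing an earlier entry invalidates all later ones."""
    entry = {"seq": len(log),
             "timestamp_utc": datetime.now(timezone.utc).isoformat(),
             "evidence_id": record["evidence_id"],
             "evidence_sha256": record["hashes"]["sha256"],
             "action": action, "person": person,
             "prev_entry_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = _entry_digest(entry)
    log.append(entry)
    return entry


def verify_custody_log(log: list) -> bool:
    """True only if every entry hashes correctly and the chain is unbroken."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev_entry_hash"] != prev:
            return False
        if _entry_digest(entry) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True


EVIDENCE = bytes(range(256)) * 64  # constructed stand-in for a disk image

if __name__ == "__main__":
    record = acquisition_record("EV-2024-001", "A. Examiner", EVIDENCE)
    print("acquired:", record["hashes"])
    print("pristine copy:", verify_integrity(record, EVIDENCE))
    altered = bytearray(EVIDENCE)
    altered[100] ^= 0x01                       # a single flipped bit
    print("one bit flipped:", verify_integrity(record, bytes(altered)))
    log = []
    add_custody_entry(log, record, "acquired from seized laptop", "A. Examiner")
    add_custody_entry(log, record, "sealed, placed in evidence locker", "B. Custodian")
    print("log intact:", verify_custody_log(log))
    log[0]["person"] = "Someone Else"          # retroactive edit
    print("after edit:", verify_custody_log(log))
```

A hash-chained log does not stop a custodian from rewriting the whole chain; it makes any edit visible to anyone holding an earlier copy of the log (a printed and signed page, or a copy lodged with a second party), which is what a chain of custody has to support in court.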

Digital Forensic Methodologies

1. Live Forensics: Conducted on a running system to capture volatile data, such as running processes, network connections, or encryption keys. Every action on a live system changes it (a memory dumper is itself loaded into memory), so live acquisition follows the order of volatility (RAM and network state first, disk last) and every command run is documented.
2. Static Forensics: Performed on a powered-down device, analyzing disk images or other non-volatile storage. Powering down discards RAM contents and may lock full-disk encryption, so the choice between live and static acquisition is made deliberately, not by default.
3. Proactive Forensics: Involves monitoring systems or networks to detect incidents before they escalate. This overlaps with incident response.
4. Incident-Specific Forensics: Tailored investigations focused on a specific breach, attack, or crime.

Key Forensic Artifacts

Forensic artifacts are data traces left behind by user activity or system operations. Common artifacts include:
- Event Logs: System-generated logs that record logons, process and service activity, and system events (on Windows, the Security, System, and Application logs; on Linux, syslog and the authentication log).
- Registry Entries: On Windows systems, registry entries reveal installed software, connected USB devices, recently used files, and user preferences.
- Browser Histories: Include cached files, cookies, downloads, and browsing activity.
- Metadata: Embedded information about a file's creation, modification, and ownership.
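Metadata extraction, as an added example rather than code from the notes or from ExifTool: a minimal parser for the TIFF-structured EXIF block that JPEGs carry in their APP1 segment, reading the camera model, the DateTime tag and a GPS fix, and converting the degrees/minutes/seconds rationals to decimal coordinates. The sample blob is hand-assembled and the model name, date and coordinates are invented; real files also carry an ExifIFD sub-directory, maker notes and more tag types than are handled here.

```python
"""Minimal TIFF/EXIF reader: camera model, timestamp and GPS fix.

Added example for these notes, not code from ExifTool or another tool. The
sample is a hand-assembled TIFF-structured blob (the layout a JPEG carries in
its APP1 "Exif" segment); model, date and coordinates are invented.
"""
import struct

TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1}   # TIFF field type -> bytes
TAG_MODEL, TAG_DATETIME, TAG_GPS_IFD = 0x0110, 0x0132, 0x8825
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 0x0001, 0x0002, 0x0003, 0x0004


def _read_ifd(data: bytes, offset: int, e: str) -> dict:
    """Parse one Image File Directory into {tag: (type, count, payload)}."""
    (count,) = struct.unpack_from(e + "H", data, offset)
    entries = {}
    for i in range(count):
        tag, typ, n, raw = struct.unpack_from(e + "HHI4s", data, offset + 2 + 12 * i)
        size = TYPE_SIZE.get(typ, 1) * n
        if size <= 4:            # short values live inline in the 4-byte field
            payload = raw[:size]
        else:                    # longer values: the field holds an offset
            (ptr,) = struct.unpack(e + "I", raw)
            if ptr + size > len(data):
                raise ValueError(f"tag 0x{tag:04x} points past end of data")
            payload = data[ptr:ptr + size]
        entries[tag] = (typ, n, payload)
    return entries


def _ascii(field) -> str:
    return field[2].rstrip(b"\x00").decode("ascii", errors="replace")


def _dms_to_decimal(field, ref: str, e: str) -> float:
    """GPS coordinates are three RATIONALs (deg, min, sec), each num/den."""
    v = struct.unpack(e + "6I", field[2])
    deg, mnt, sec = v[0] / v[1], v[2] / v[3], v[4] / v[5]
    value = deg + mnt / 60 + sec / 3600
    return -value if ref in ("S", "W") else value


def read_exif(data: bytes) -> dict:
    """Return model, datetime and decimal lat/lon (None where absent)."""
    e = {b"II": "<", b"MM": ">"}.get(data[:2])      # byte order mark
    if e is None or struct.unpack_from(e + "H", data, 2)[0] != 42:
        raise ValueError("not a TIFF/EXIF header")
    (ifd0_off,) = struct.unpack_from(e + "I", data, 4)
    ifd0 = _read_ifd(data, ifd0_off, e)
    out = {"model": _ascii(ifd0[TAG_MODEL]) if TAG_MODEL in ifd0 else None,
           "datetime": _ascii(ifd0[TAG_DATETIME]) if TAG_DATETIME in ifd0 else None,
           "lat": None, "lon": None}
    if TAG_GPS_IFD in ifd0:
        (gps_off,) = struct.unpack(e + "I", ifd0[TAG_GPS_IFD][2])
        gps = _read_ifd(data, gps_off, e)
        if GPS_LAT in gps and GPS_LON in gps:
            out["lat"] = _dms_to_decimal(gps[GPS_LAT], _ascii(gps[GPS_LAT_REF]), e)
            out["lon"] = _dms_to_decimal(gps[GPS_LON], _ascii(gps[GPS_LON_REF]), e)
    return out


def build_sample() -> bytes:
    """Constructed little-endian TIFF: header, IFD0, two strings, GPS IFD,
    two rational triples. Offsets follow from that fixed layout."""
    e = "<"
    model, stamp = b"TestCam X1\x00", b"2024:01:15 10:30:00\x00"
    model_off = 8 + 2 + 3 * 12 + 4                 # IFD0 at 8 is 42 bytes long
    stamp_off = model_off + len(model)
    gps_off = stamp_off + len(stamp)
    lat_off = gps_off + 2 + 4 * 12 + 4             # GPS IFD is 54 bytes long
    lon_off = lat_off + 24

    def entry(tag, typ, n, value):
        raw = value if isinstance(value, bytes) else struct.pack(e + "I", value)
        return struct.pack(e + "HHI", tag, typ, n) + raw.ljust(4, b"\x00")

    ifd0 = (struct.pack(e + "H", 3) + entry(TAG_MODEL, 2, len(model), model_off)
            + entry(TAG_DATETIME, 2, len(stamp), stamp_off)
            + entry(TAG_GPS_IFD, 4, 1, gps_off) + struct.pack(e + "I", 0))
    gps = (struct.pack(e + "H", 4) + entry(GPS_LAT_REF, 2, 2, b"N\x00")
           + entry(GPS_LAT, 5, 3, lat_off) + entry(GPS_LON_REF, 2, 2, b"W\x00")
           + entry(GPS_LON, 5, 3, lon_off) + struct.pack(e + "I", 0))
    lat = struct.pack(e + "6I", 51, 1, 30, 1, 264, 10)   # 51 deg 30' 26.4" N
    lon = struct.pack(e + "6I", 0, 1, 7, 1, 396, 10)     # 0 deg 7' 39.6" W
    return b"II" + struct.pack(e + "HI", 42, 8) + ifd0 + model + stamp + gps + lat + lon


SAMPLE = build_sample()

if __name__ == "__main__":
    print(read_exif(SAMPLE))
```

Two points carry over to real work: every offset read from the file is bounds-checked before use (EXIF blocks from untrusted media have crashed more than one parser), and the coordinates place a device, not a person, at a location.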

Advanced Tools and Technologies

1. Forensic Automation: Tools like Magnet AXIOM automate the discovery and correlation of evidence.
2. Artificial Intelligence (AI) in Forensics: AI-powered tools assist in identifying patterns, sorting vast datasets, and detecting anomalies, such as fraud or insider threats.
3. Big Data Forensics: As data volumes grow, tools capable of managing and analyzing terabytes of information (e.g., Splunk or the ELK Stack) are essential.
4. Blockchain Forensics: Used to trace cryptocurrency transactions in fraud or ransomware cases, employing tools like Chainalysis or CipherTrace.
5. Decryption and Password Recovery: Tools such as Passware and John the Ripper help recover the passwords protecting encrypted data.

Emerging Trends
1. Cloud and Virtual Environments: Investigating cloud platforms (AWS, Azure, Google Cloud) requires specialized techniques to retrieve logs, metadata, and snapshots without violating privacy laws.
2. 5G and IoT Forensics: The proliferation of IoT devices and the rollout of 5G networks add complexity due to increased device interconnectivity and data decentralization.
3. Dark Web Forensics: Focused on tracking illegal activities like drug trafficking, human trafficking, and arms dealing on hidden parts of the internet.
4. Zero-Day Exploits: Investigations involving advanced persistent threats (APTs) and exploits for unpatched software vulnerabilities are gaining prominence, particularly in corporate environments.
5. Quantum Computing: As quantum computing evolves, it presents both opportunities (faster key search during password recovery) and challenges: a sufficiently large quantum computer running Shor's algorithm would break RSA and elliptic-curve cryptography, and Grover's algorithm halves the effective key length of symmetric ciphers.

Real-World Applications
1. Ransomware Investigations: Forensics helps identify the malware used, trace cryptocurrency payments, and determine the breach's source.
2. Data Breach Analysis: Detects the extent of compromised data, assesses regulatory impact, and determines how attackers accessed sensitive information.
3. Fraud Detection: Tracks fraudulent financial transactions or phishing activities using logs, email headers, and network analysis.
4. Intellectual Property Theft: Investigates unauthorized data access or file transfers from corporate systems to external devices.
5. Counterterrorism: Analyzes communications, metadata, and file systems to prevent or respond to terrorism-related cyber activities.

Future of Digital Forensics

As technology evolves, the field of digital forensics must adapt to new challenges:
1. Automation and AI: Streamlining investigations for faster results.
2. Cloud-First Approaches: Developing standardized methods for cloud forensics.
3. Standardization: Creating global standards for tools, procedures, and training.
4. Collaboration: Enhancing cooperation between law enforcement, the private sector, and academia to stay ahead of cybercriminals.

2. Legal and Ethical Issues in Digital Forensics

Digital forensics investigations operate in a highly sensitive environment where legal compliance and ethical considerations are critical. Below are key legal and ethical challenges, along with real-world examples to illustrate them.

1. Legal Issues
a) Admissibility of Evidence
- Issue: Evidence must be collected, preserved, and analyzed following proper procedures to be admissible in court. Failing to meet legal standards can result in evidence being excluded.
- Example: In State v. Cook (Ohio Ct. App., 2002), the defense challenged a forensic mirror image of a hard drive; the court admitted it because the examiner could explain and document how the image was acquired and verified. The same standard cuts the other way: where the handling of evidence cannot be documented, its integrity is open to challenge and it risks exclusion.
b) Privacy and Data Protection Laws
- Issue: Investigators must adhere to privacy laws such as the GDPR (General Data Protection Regulation, EU), the CCPA (California Consumer Privacy Act, USA), or the DPDP Act (Digital Personal Data Protection Act, 2023, India) while accessing personal or corporate data. Violating these laws can lead to legal penalties.
- Example: If a forensic investigator collects data from a suspect's device without obtaining proper legal authorization (e.g., a search warrant), it could be a violation of privacy laws.
c) Jurisdictional Challenges
- Issue: Cybercrimes often span multiple jurisdictions. Differences in laws across countries can complicate evidence collection, preservation, and sharing.
- Example: A cybercriminal operating from one country may attack victims in another, but extradition treaties and data-sharing agreements between the countries may be absent or limited.
d) Unlawful Seizure of Evidence
- Issue: Law enforcement or forensic investigators must follow due process when seizing devices or data. Improperly obtained evidence can lead to legal consequences.
- Example: In United States v. Warshak (6th Cir. 2010), the court ruled that compelling an ISP to hand over a suspect's stored emails without a warrant violated the Fourth Amendment.
e) Intellectual Property and Trade Secrets
- Issue: Investigations in corporate environments may inadvertently expose trade secrets or proprietary data, leading to potential lawsuits.
- Example: If an employee is suspected of data theft but the investigation improperly accesses unrelated sensitive business data, the company may face legal consequences.

2. Ethical Issues
a) Violation of Privacy
- Issue: Investigators may access personal or sensitive data beyond the scope of their investigation, infringing on individual privacy rights.
- Example: During a fraud investigation, discovering private messages unrelated to the case and sharing them could constitute an unethical breach of privacy.
b) Bias in Investigations
- Issue: Investigators must remain neutral and avoid preconceived notions about suspects, as bias can influence the interpretation of evidence.
- Example: An investigator assuming guilt and selectively analyzing evidence to support that conclusion violates ethical standards of impartiality.
c) Misuse of Evidence
- Issue: Digital evidence must not be altered, manipulated, or misrepresented. Doing so undermines justice and ethical practice.
- Example: Presenting partial evidence in court to favor one party or withholding exculpatory evidence is both unethical and illegal.
d) Overstepping Boundaries
- Issue: Investigators may access data outside their scope of authority or investigation, which can lead to ethical breaches.
- Example: Examining a suspect's social media accounts without relevance to the investigation violates ethical boundaries.
e) Consent and Authorization
- Issue: Investigations involving personal devices or private data often require explicit consent or legal authorization. Failing to obtain it is unethical.
- Example: Conducting a forensic analysis on an employee's personal device without their consent or a legal warrant is both unethical and possibly illegal.

3. Examples of Legal and Ethical Dilemmas in Action
a) Ashley Madison Data Breach (2015)
- Scenario: Hackers leaked data from the Ashley Madison dating website, exposing users' private information. Digital forensic experts analyzed the data to identify the perpetrators.
- Issues:
  - Legal: Investigators had to ensure they accessed the leaked data legally.
  - Ethical: Deciding whether to examine sensitive data unrelated to the breach was an ethical concern.
b) Apple vs. FBI (2016)
- Scenario: The FBI sought a court order compelling Apple to help unlock an iPhone used by one of the San Bernardino attackers. Apple refused, arguing that building a way around its own security would endanger the privacy and security of every user. The FBI later withdrew the request after gaining access by other means.
- Issues:
  - Legal: The case raised questions about government authority versus corporate responsibility.
  - Ethical: Balancing national security and user privacy was a significant ethical challenge.
c) Sony PlayStation Network Hack (2011)
- Scenario: A massive data breach exposed millions of users' personal information. Forensic teams analyzed logs and network traffic to identify the attackers.
- Issues:
  - Legal: Compliance with international data privacy laws when investigating affected users globally.
  - Ethical: Ensuring the investigation did not further compromise user data.

4. Addressing Legal and Ethical Challenges

Forensic Best Practices
1. Follow the Chain of Custody: Document every step of evidence handling.
2. Obtain Legal Authorization: Ensure warrants and permissions are secured before accessing data.
3. Use Validated Tools: Employ industry-recognized tools whose behavior has been tested (for example through NIST's Computer Forensic Tool Testing program), record tool versions, and confirm critical findings with a second tool.
Ethical Guidelines
1. Adhere to Professional Codes of Conduct: Organizations like the International Society of Forensic Computer Examiners (ISFCE) provide ethical standards.
2. Respect Privacy: Avoid accessing data unrelated to the case unless legally mandated.
3. Maintain Transparency: Document findings objectively and avoid misrepresentation.

3. What is Digital Evidence?

Digital evidence refers to any information or data stored, transmitted, or processed in a digital format that can be used to support or refute claims in investigations or legal proceedings. It plays a critical role in cases involving cybercrime, fraud, intellectual property theft, and even physical crimes where digital devices are used.

Key Characteristics of Digital Evidence

1. Intangible: Unlike physical evidence, digital evidence exists as data on electronic devices or networks.
2. Volatile: Certain types, like RAM contents or network activity, can disappear if not captured quickly.
3. Easily Alterable: Without proper handling, digital evidence can be tampered with, deleted, or corrupted.
4. Requires Specialized Tools: Accessing, analyzing, and preserving digital evidence often involves specialized forensic software and techniques.
5. Legal Admissibility: Must comply with legal standards (e.g., chain of custody) to be used in court.

Types of Digital Evidence

Here are some common categories of digital evidence, with examples:
1. File-Based Evidence
- Definition: Data stored on devices in the form of files or documents.
- Examples:
  - A Word document containing a fraudulent contract.
  - Images or videos stored on a suspect's computer used in harassment or stalking cases.
  - Spreadsheets of financial transactions in embezzlement investigations.
2. Metadata
- Definition: Data that describes other data, often not visible to the user but critical for forensic investigations.
- Examples:
  - A photo's metadata showing its creation date, time, and GPS coordinates (e.g., placing a device at a location).
  - Document metadata revealing the author's name and last edited date.
3. Logs and Records
- Definition: System-generated logs that track activities, user access, or events.
- Examples:
  - Web server logs showing unauthorized access attempts.
  - Event logs on a Windows machine indicating file deletions or logons.
  - Database transaction logs revealing data tampering.
4. Emails and Communication
- Definition: Digital correspondence and communication data.
- Examples:
  - Emails with phishing links used in a fraud case.
  - Chat messages in apps like WhatsApp revealing plans for a criminal act.
  - Call logs and SMS messages extracted from a mobile phone in a harassment investigation.
5. Network Data
- Definition: Data related to network activity, often collected through monitoring tools.
- Examples:
  - Packet captures showing data exfiltration during a cyberattack.
  - IP addresses and timestamps revealing the origin of a hacking attempt.
  - Logs from firewalls or intrusion detection systems (IDS).
6. Mobile Device Data
- Definition: Evidence extracted from smartphones and tablets.
- Examples:
  - GPS location history showing a suspect's movements.
  - Call logs and contact lists revealing connections between people.
  - Social media activity, such as posts or messages, used to establish intent.
7. Cloud-Based Evidence
- Definition: Data stored on cloud platforms and accessed via remote servers.
- Examples:
  - Documents stored in Google Drive related to financial fraud.
  - Mailbox data held in Microsoft 365 (Exchange Online) or Outlook.com.
  - Logs of file access and sharing in Dropbox, showing unauthorized downloads.
8. Multimedia Evidence
- Definition: Audio, video, or image files.
- Examples:
  - Surveillance video showing a suspect entering a restricted area.
  - An audio recording proving an extortion attempt.
  - Deepfake videos used in defamation cases.
9. Internet Artifacts
- Definition: Data left behind from web activity.
- Examples:
  - Browser history showing visits to illegal websites.
  - Cookies tracking user behavior on e-commerce platforms for fraud investigations.
  - Search engine queries used to establish intent (e.g., "how to hack a bank account").
10. Volatile Data
- Definition: Temporary data held in memory (RAM) or active processes.
- Examples:
  - Running processes on a computer during a cyberattack.
  - Encryption keys held in RAM, recovered for decrypting locked files.
  - Active network connections during a live forensic investigation.
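Logs and network records (categories 3 and 5 above) only become evidence once they sit on one clock. The following added example (constructed log lines from TEST-NET address ranges, not a real case, and not code from the notes) normalizes an Apache access log that carries explicit UTC offsets and a syslog sshd log that carries neither year nor time zone into a single UTC timeline, then flags the IP with repeated authentication failures across both sources and surfaces the successful login that followed them. The year and zone for the syslog lines are assumptions an examiner must take from the acquisition notes.

```python
"""One UTC timeline from two log formats, plus a brute-force check.

Added example for these notes, not code from any named tool. Hostnames, IPs
(TEST-NET ranges) and every log line below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+')
SSHD_RE = re.compile(
    r'^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: '
    r'(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)')


def parse_apache(line: str):
    m = APACHE_RE.match(line)
    if not m:
        return None
    # Apache records an explicit offset, so conversion to UTC is unambiguous.
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    return {"time": ts, "source": "web", "ip": m["ip"],
            "event": f'{m["method"]} {m["path"]} -> {m["status"]}',
            "failed_auth": m["status"] == "401", "success_auth": False}


def parse_sshd(line: str, year: int, tz=timezone.utc):
    m = SSHD_RE.match(line)
    if not m:
        return None
    # Classic syslog omits year and zone; both come from the acquisition notes
    # (assumed UTC here). Get this wrong and the timeline silently skews.
    ts = datetime.strptime(f'{year} {m["ts"]}', "%Y %b %d %H:%M:%S").replace(tzinfo=tz)
    return {"time": ts.astimezone(timezone.utc), "source": m["host"], "ip": m["ip"],
            "event": f'sshd {m["result"]} password for {m["user"]}',
            "failed_auth": m["result"] == "Failed",
            "success_auth": m["result"] == "Accepted"}


def build_timeline(web_lines, ssh_lines, year: int) -> list:
    """Merge both sources, dropping unparseable lines, sorted by UTC time."""
    events = [e for e in map(parse_apache, web_lines) if e]
    events += [e for e in (parse_sshd(l, year) for l in ssh_lines) if e]
    return sorted(events, key=lambda e: e["time"])


def find_bruteforce(events, threshold=5, window=timedelta(minutes=2)) -> dict:
    """{ip: peak failures inside any sliding `window`} for IPs at or above
    threshold. Web and SSH failures from one IP are counted together."""
    by_ip = defaultdict(list)
    for e in events:
        if e["failed_auth"]:
            by_ip[e["ip"]].append(e["time"])
    hits = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[ip] = max(hits.get(ip, 0), end - start + 1)
    return hits


def suspicious_successes(events, hits: dict) -> list:
    """Successful logins from IPs already flagged: the pivot point to examine."""
    return [e for e in events if e["success_auth"] and e["ip"] in hits]


# --- constructed sample logs -------------------------------------------------
WEB_LOG = [
    '203.0.113.5 - - [15/Jan/2024:10:30:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.4"',
    '198.51.100.7 - - [15/Jan/2024:05:30:03 -0500] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [15/Jan/2024:10:30:08 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.4"',
    '203.0.113.5 - - [15/Jan/2024:10:30:15 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.4"',
    'corrupt line that must not crash the parser',
]
SSH_LOG = [
    'Jan 15 10:30:05 web01 sshd[2210]: Accepted password for alice from 198.51.100.7 port 40000 ssh2',
    'Jan 15 10:30:20 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 51022 ssh2',
    'Jan 15 10:30:24 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 51022 ssh2',
    'Jan 15 10:30:29 web01 sshd[2213]: Failed password for admin from 203.0.113.5 port 51030 ssh2',
    'Jan 15 10:31:02 web01 sshd[2215]: Accepted password for admin from 203.0.113.5 port 51044 ssh2',
]

if __name__ == "__main__":
    timeline = build_timeline(WEB_LOG, SSH_LOG, 2024)
    for e in timeline:
        print(e["time"].isoformat(), e["source"], e["ip"], e["event"])
    hits = find_bruteforce(timeline)
    print("brute force:", hits)
    for e in suspicious_successes(timeline, hits):
        print("PIVOT:", e["time"].isoformat(), e["event"])
```

The second web line is logged at 05:30:03 -0500 and lands at 10:30:03 UTC, between two of the attacker's requests; without the offset conversion it would sort five hours early and the sequence of events would be wrong.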

Examples of Digital Evidence in Real-World Cases
1. Cybercrime
- Case: A ransomware attack encrypts company data.
- Digital Evidence:
  - Logs showing the initial infection vector (e.g., an email link).
  - IP addresses of the command-and-control servers.
  - Cryptocurrency wallet addresses used for ransom payments.
2. Fraud
- Case: A company accuses an employee of financial fraud.
- Digital Evidence:
  - Altered spreadsheet files showing fake transactions.
  - Email correspondence discussing fraudulent schemes.
  - Browser history showing visits to offshore banking websites.
3. Intellectual Property Theft
- Case: An employee steals sensitive files from a company.
- Digital Evidence:
  - USB device logs showing unauthorized file transfers.
  - Deleted file recovery showing stolen data.
  - Metadata proving file modifications after transfer.
4. Physical Crime (Murder)
- Case: A murder suspect claims they were not at the crime scene.
- Digital Evidence:
  - GPS data from their phone placing the device at the scene.
  - Surveillance footage from nearby cameras.
  - Search history including phrases like "how to dispose of evidence."
5. Harassment or Stalking
- Case: A victim accuses someone of cyberstalking.
- Digital Evidence:
  - Social media messages containing threats.
  - Platform access logs showing repeated visits to the victim's online profiles.
  - Call records showing repeated unwanted calls.

Challenges in Handling Digital Evidence

1. Volatility: Evidence like live memory or network traffic can disappear quickly if not captured immediately.
2. Large Data Volumes: With terabytes of data available, identifying relevant evidence is challenging.
3. Encryption and Anti-Forensic Tools: Suspects may use encryption, wiping software, timestamp manipulation, or steganography (hiding a file or data inside another file) to conceal evidence.
4. Legal Compliance: Investigators must follow privacy laws and ensure evidence collection complies with jurisdictional regulations.

4. Forensic Tools and Software

Digital forensics relies heavily on specialized tools and software to analyze, recover, and preserve digital evidence. These tools cater to various aspects of forensic investigations, such as data recovery, network analysis, and mobile forensics. Below is an overview of popular forensic tools and software, organized by their functionality.

1. Disk and Data Forensics Tools

These tools focus on analyzing storage devices like hard drives, SSDs, and removable media.
Popular Tools:
1. EnCase Forensic:
  - Used for disk imaging, evidence preservation, and in-depth analysis.
  - Capable of parsing emails, file systems, and logs.
  - Widely accepted in courts.
2. FTK (Forensic Toolkit):
  - Provides robust data carving, file decryption, and analysis capabilities.
  - Features advanced indexing for quick keyword searches.
3. X-Ways Forensics:
  - Lightweight, fast forensic suite for disk imaging, data analysis, and file recovery.
  - Known for its efficiency in handling large datasets.
4. R-Studio:
  - Specializes in data recovery from damaged or formatted disks.
  - Useful for recovering accidentally deleted files; it is a recovery tool rather than a full forensic suite, so run it against a verified image, never the original media.
5. CAINE (Computer Aided INvestigative Environment):
  - Open-source Linux-based live distribution.
  - Bundles disk imaging, file carving, and analysis tools.

2. Memory Forensics Tools

These tools analyze volatile data, such as processes and RAM contents, captured from a live system.
Popular Tools:
1. Volatility:
  - Open-source framework for analyzing memory dumps (Volatility 3 is the current branch).
  - Can identify running processes, network connections, injected code, and other malicious activity.
2. Rekall:
  - Memory forensic framework that branched from Volatility.
  - Supported live memory analysis and forensic triage; the project is no longer actively maintained, so check plugin support for current operating system versions before relying on it.
3. Belkasoft RAM Capturer:
  - Captures live RAM for analysis.
  - Lightweight and easy to use; run it from removable media and hash the dump as soon as it is written.

3. Network Forensics Tools

Network forensic tools capture and analyze network traffic to uncover malicious activities or unauthorized data transfers.
Popular Tools:
1. Wireshark:
  - Captures and analyzes packet-level network data.
  - Widely used for troubleshooting and forensic analysis of network breaches.
2. NetworkMiner:
  - Passive network forensic tool for packet analysis and file reconstruction.
  - Useful for extracting credentials, files, and sessions from captured traffic.
3. NetWitness Investigator:
  - Advanced tool for deep packet inspection and session reconstruction.
  - Useful in identifying advanced persistent threats (APTs).
4. Snort:
  - Intrusion detection and prevention system (IDS/IPS).
  - Monitors network traffic for suspicious patterns.

4. Mobile Forensics Tools

Mobile forensic tools analyze data stored on smartphones and tablets, including apps, call logs, and GPS data.
Popular Tools:
1. Cellebrite UFED:
  - Widely used tool for mobile data extraction and analysis.
  - Can bypass locks and extract data on many devices, depending on the model, OS version, and patch level.
2. MOBILedit Forensic:
  - Extracts and analyzes data from a wide range of mobile devices.
  - Supports SMS, contacts, and app data recovery.
3. Oxygen Forensic Detective:
  - Extracts and analyzes data from smartphones, cloud services, and apps.
  - Strong focus on app analysis, including encrypted chat platforms.
4. XRY:
  - Extracts mobile data, including deleted items.
  - Supports tens of thousands of mobile device profiles (vendor figure).

5. Email and Internet Forensics Tools

These tools analyze email communications, internet activity, and browser artifacts.
Popular Tools:
1. MailXaminer:
  - Analyzes email headers, attachments, and metadata.
  - Supports multiple email formats (e.g., PST, EML, MSG).
2. Web Historian:
  - Focused on analyzing browser history, cookies, and cache.
  - Useful in tracking web activity.
3. F-Response:
  - Provides remote, read-only access to disks and memory on live systems over the network, so email stores and browser artifacts can be examined without traveling to the machine.
  - Often used in corporate investigations.

6. File and Multimedia Analysis Tools

These tools analyze files, images, audio, and video to uncover hidden evidence or detect tampering.
Popular Tools:
1. ExifTool:
  - Extracts (and, where needed, edits) metadata from images, videos, audio files, and documents.
  - Useful for spotting inconsistent or stripped metadata, one indicator of tampered media.
2. Amped FIVE:
  - Enhances and authenticates video evidence.
  - Used in law enforcement and legal cases.
3. Autopsy:
  - Open-source digital forensics platform built on The Sleuth Kit; its modules cover file system analysis, keyword search, and image and video extraction.
  - Offers an intuitive interface for case management.
4. Image authentication tools:
  - Identify image manipulation (error-level analysis, clone detection) and attempt deepfake detection.
  - Focus on authenticity validation; their output is an indicator for an examiner to interpret, not proof on its own.

7. Cloud Forensics Tools

These tools focus on gathering evidence from cloud platforms like AWS, Google Cloud, and Microsoft Azure.
Popular Tools:
1. Magnet AXIOM:
  - Supports cloud-based evidence collection from services like Google Drive, Dropbox, and iCloud.
  - Integrates mobile, computer, and cloud data for comprehensive analysis.
2. Elcomsoft Cloud Explorer:
  - Extracts data from Google accounts, including emails, photos, and drive contents.
  - Useful in cloud data breach investigations.
3. Amazon Macie:
  - Automatically discovers and classifies sensitive data held in AWS S3 buckets.
  - Helps scope what a breach exposed, but it is a data classification service, not an acquisition tool. The primary AWS evidence sources are CloudTrail (API activity), VPC Flow Logs, and EBS snapshots of affected instances.

8. Password Recovery and Encryption Tools

These tools assist in recovering passwords and decrypting locked files once legal authority to do so exists.
Popular Tools:
1. Passware Kit:
  - Recovers passwords for a wide range of file types and encrypted drives.
  - Supports GPU acceleration for faster recovery.
2. John the Ripper:
  - Open-source password cracking tool.
  - Supports dictionary, rule-based, and brute-force attacks against many hash formats.
3. Hashcat:
  - Advanced password cracking tool supporting hundreds of hash algorithms.
  - Known for its high performance with GPU acceleration.
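What "password recovery" costs the examiner, as an added example (not the notes' own code and not how John the Ripper or Hashcat are implemented): a dictionary attack against an unsalted MD5 credential store, where one precomputed table cracks every account and identical digests betray password reuse, beside the same attack against per-user salted PBKDF2, where every account must be attacked separately and every guess costs thousands of HMAC rounds. Users, passwords, salts and the wordlist are constructed; the iteration count is deliberately tiny so the demonstration runs quickly.

```python
"""Dictionary attack: unsalted fast hash versus salted PBKDF2.

Added example for these notes, not code from John the Ripper or Hashcat and
not how they are implemented. Users, passwords, salts and wordlist are
constructed; run such attacks only against material you are authorized to
examine.
"""
import hashlib
import os

WORDLIST = ["123456", "password", "letmein", "qwerty", "winter2024", "dragon"]
ITERATIONS = 1000  # demo value; real deployments use hundreds of thousands


def build_lookup(wordlist, algo: str = "md5") -> dict:
    """digest -> word, computed once. Against unsalted hashes this single
    table cracks every account for len(wordlist) hash operations in total."""
    return {hashlib.new(algo, w.encode()).hexdigest(): w for w in wordlist}


def crack_unsalted(store: dict, lookup: dict) -> dict:
    """store: {user: hex digest}. Returns {user: password or None}."""
    return {user: lookup.get(digest) for user, digest in store.items()}


def crack_salted(store: dict, wordlist, iterations: int):
    """store: {user: (salt, hex digest)}. No shared table is possible: each
    account needs its own pass over the wordlist and each guess costs
    `iterations` HMAC rounds. Returns ({user: password or None}, guesses)."""
    results, guesses = {}, 0
    for user, (salt, target) in store.items():
        results[user] = None
        for w in wordlist:
            guesses += 1
            if hashlib.pbkdf2_hmac("sha256", w.encode(), salt, iterations).hex() == target:
                results[user] = w
                break
    return results, guesses


def make_stores(passwords: dict, iterations: int = ITERATIONS):
    """Build both credential stores from the same constructed plaintexts."""
    unsalted = {u: hashlib.md5(p.encode()).hexdigest() for u, p in passwords.items()}
    salted = {}
    for u, p in passwords.items():
        salt = os.urandom(16)  # fresh random salt per account
        salted[u] = (salt, hashlib.pbkdf2_hmac("sha256", p.encode(), salt, iterations).hex())
    return unsalted, salted


# constructed plaintexts: two users share a weak password, one is strong
PASSWORDS = {"alice": "winter2024", "bob": "winter2024", "carol": "c0rrect-h0rse-b4ttery"}
UNSALTED, SALTED = make_stores(PASSWORDS)

if __name__ == "__main__":
    lookup = build_lookup(WORDLIST)
    print("unsalted MD5:", crack_unsalted(UNSALTED, lookup), "hashes computed:", len(lookup))
    print("alice and bob share a digest:", UNSALTED["alice"] == UNSALTED["bob"])
    found, guesses = crack_salted(SALTED, WORDLIST, ITERATIONS)
    print("salted PBKDF2:", found, "guesses hashed:", guesses,
          "HMAC rounds:", guesses * ITERATIONS)
```

The unsalted store is broken with six hash computations for any number of accounts; the salted store needs sixteen PBKDF2 evaluations (each a thousand HMAC rounds here, far more in production) for three accounts, and the strong password survives both attacks because it is not in the wordlist. That gap, not the GPU, is what decides whether recovery is feasible within an investigation's timeframe.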

9. Anti-Forensics Detection Tools

Anti-forensics detection is less a category of standalone products than a set of artifact checks performed with the suites above, aimed at recognizing attempts to erase or obscure evidence.
Common checks:
1. Cleaner-tool traces:
  - Installation, prefetch, and registry artifacts left by tools such as CCleaner, and the conspicuous gaps in browser history and temporary directories that follow a cleaning run.
2. Secure-deletion detection:
  - Renamed or zero-filled file entries and patterns characteristic of tools like SDelete, which overwrite a file's contents before removing it.
3. Disk-level indicators:
  - Large runs of overwritten or zeroed sectors, timestamp anomalies (e.g., modification times earlier than creation times), and mismatches between file system records and logs.

10. Case Management Tools

Case management tools streamline the organization and documentation of forensic investigations.
Popular Tools:
1. CaseMap:
  - Helps investigators organize and analyze evidence in complex cases.
2. Forensic Notes:
  - Secure platform for documenting forensic findings.
  - Timestamps and hashes entries so that notes are tamper-evident.

Conclusion
Forensic tools and software are essential for
uncovering, preserving, and analyzing digital
evidence. Each tool serves a specific purpose,
and investigators often combine multiple tools to
ensure comprehensive and reliable results.
Choosing the right tools depends on the type of
investigation, the nature of the evidence, and the
legal requirements of the jurisdiction.

Case Study 1: Data Breach in an E-Commerce Company
An e-commerce company experienced a massive
data breach, exposing customer payment
information and personal details. Hackers
infiltrated the company's database and extracted
sensitive data, later found on a dark web
marketplace.
Case Study 2: Intellectual Property Theft by
a Former Employee
A technology firm suspected that a recently
departed employee had stolen proprietary
designs and shared them with a competitor. The
suspected employee had access to restricted files
and left the company under tense circumstances.

Case Study 3: Ransomware Attack on a Hospital
A hospital’s IT systems were encrypted by
ransomware, disrupting patient records and
critical services. The attackers demanded a
significant Bitcoin payment to restore access to
the encrypted data.

Case Study 4: Cyberstalking and Online Harassment
A university student reported receiving
anonymous threatening messages on social
media, including fake accounts impersonating
them and spreading false information. The
activity caused significant emotional distress to
the victim.
