Case Study No.1: Windows Forensics Incident: Unauthorized Access and Data Exfiltration at UTAS-Nizwa Financial System Scenario: UTAS-Nizwa discovers unauthorized access to its financial system, potentially leading to data exfiltration. You are tasked with conducting a digital forensics investigation to identify the source and assess the extent of the breach. You are to conduct a small research on what should be investigated and examined, what should be recovered and analyzed, to conduct an appropriate digital forensic procedure for this case. Outcome: Students will present their findings, including the possible point of entry, the approximate extent of the breach, and recommendations for enhancing security measures to prevent future incidents.

Case Study No.2: Network Forensics Incident: Suspicious Activity in the UTAS-Nizwa Research Network Scenario: The academic research department at UTAS-Nizwa experiences data leakage, and an insider threat is suspected. You are assigned to conduct a digital forensics investigation to trace the source of the data leakage and identify the responsible party. You should identify what factors/components should be considered in the digital forensics investigation and what should be done to investigate those factors/components properly. Outcome: Students will present their findings, detailing the compromised user account(s) analysis, proposing legal actions that should be taken, and proposing measures to strengthen network security.

Case Study 3: Email Forensics Incident: Phishing Attack Targeting UTAS-Nizwa Faculty Emails Scenario: Faculty members at UTAS-Nizwa fall victim to a phishing attack, leading to compromised email accounts. You are tasked with conducting a digital forensics investigation to trace the origin of the phishing attack and assess the impact on UTAS-Nizwa communications. You are to determine the procedures on what to do during the forensic investigation and what components to investigate. Outcome: Students will present their findings, including the possible source(s) of the phishing attack, the approximate extent of unauthorized access, and recommendations for enhancing email security.

Case Study 4: Mobile Devices Forensics Incident: Suspected Data Theft via Mobile Device in UTAS-Nizwa Security Laboratory Scenario: UTAS-Nizwa Security Laboratory suspects an employee of stealing research data using a mobile device. You are assigned to conduct a digital forensics investigation to gather evidence and assess the scope of the data theft. You are to identify the procedures that need to be done to conduct a forensic investigation and the components/areas that need to be investigated. Outcome: Students will present their findings, providing the possible pieces of evidence of the employee's misconduct, descriptions of the possible stolen data, and recommendations for reinforcing security policies. Legal and disciplinary actions taken by the university should also be discussed.