Establishing Findings in Digital Forensic Examinations: A Case Study Method

  • Oluwasayo OyelamiEmail author
  • Martin Olivier
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 511)


In digital forensics, examinations are carried out to explain events and demonstrate the root cause from a number of plausible causes. Yin’s approach to case study research offers a systematic process for investigating occurrences in their real-world contexts. The approach is well suited to examining isolated events and also addresses questions about causality and the reliability of findings. The techniques that make Yin’s approach suitable for research also apply to digital forensic examinations. The merits of case study research are highlighted in previous work that established the suitability of the case study research method for conducting digital forensic examinations. This research extends the previous work by demonstrating the practicality of Yin’s case study method in examining digital events. The research examines the relationship between digital evidence – the effect – and its plausible causes, and how patterns can be identified and applied to explain the events. Establishing these patterns supports the findings of a forensic examination. Analytic strategies and techniques inherent in Yin’s case study method are applied to identify and analyze patterns in order to establish the findings of a digital forensic examination.


Digital forensic examinations Yin’s method Establishing findings 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Bunge, M.: Philosophy of Science: From Problem to Theory, vol. 1. Transaction Publishers, New Brunswick (1998)Google Scholar
  2. [2]
    Carrier, B.: A Hypothesis-Based Approach to Digital Forensic Investigations, CERIAS Technical Report 2006–06, Center for Education and Research in Information Assurance and Security. Purdue University, West Lafayette (2006)Google Scholar
  3. [3]
    Casey, E.: Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet. Academic Press, Waltham (2011)Google Scholar
  4. [4]
    Cohen, F.: Digital Forensic Evidence Examination. ASP Press, Livermore (2010)Google Scholar
  5. [5]
    Garfinkel, S., Farrell, P., Roussev, V., Dinolt, G.: Bringing science to digital forensics with standardized forensic corpora. Digital Investigation 6(S), S2–S11 (2009)CrossRefGoogle Scholar
  6. [6]
    Gladyshev, P., Patel, A.: Formalizing event time bounding in digital investigations. International Journal of Digital Evidence 4(2) (2005)Google Scholar
  7. [7]
    Grobler, C., Louwrens, C., von Solms, S.: A multi-component view of digital forensics. In: Proceedings of the IEEE International Conference on Availability, Reliability and Security, pp. 647–652 (2010)Google Scholar
  8. [8]
    Haber, L., Haber, R.: Scientific validation of fingerprint evidence under Daubert. Law, Probability and Risk 7(2), 87–109 (2008)CrossRefGoogle Scholar
  9. [9]
    Inman, K., Rudin, N.: Principles and Practice of Criminalistics: The Profession of Forensic Science. CRC Press, Boca Raton (2000)CrossRefGoogle Scholar
  10. [10]
    Kwan, M., Chow, K.-P., Law, F., Lai, P.: Reasoning about evidence using bayesian networks. In: Ray, I., Shenoi, S. (eds.) DigitalForensics 2008. ITIFIP, vol. 285, pp. 275–289. Springer, Boston (2008). doi: 10.1007/978-0-387-84927-0_22 CrossRefGoogle Scholar
  11. [11]
    Lottery Post, Six now face charges in CT lottery scheme, March 23, 2016.
  12. [12]
    Maryland Lottery, What is 5 card cash? Baltimore, Maryland (2017).
  13. [13]
    National Institute of Justice and National Research Council, Strengthening Forensic Science in the United States: A Path Forward. National Academies Press, Washington, DC (2009)Google Scholar
  14. [14]
    Olivier, M.: On complex crimes and digital forensics. In: Kayem, A., Meinel, C. (eds.) Information Security in Diverse Computing Environments. IGI Global, Hershey, Pennsylvania, pp. 230–244 (2013)Google Scholar
  15. [15]
    Olivier, M.: Combining fundamentals, traditions, practice and science in a digital forensics course. Presented at the South African Computer Lecturers’ Association Conference (2014)Google Scholar
  16. [16]
    Olivier, M.: Towards a digital forensic science. In: Proceedings of the Information Security for South Africa Conference (2015)Google Scholar
  17. [17]
    Olivier, M., Gruner, S.: On the scientific maturity of digital forensics research. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2013. IAICT, vol. 410, pp. 33–49. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-41148-9_3 CrossRefGoogle Scholar
  18. [18]
    Oyelami, O., Olivier, M.: Using Yin’s approach to case studies as a paradigm for conducting examinations. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2015. IAICT, vol. 462, pp. 45–59. Springer, Cham (2015). doi: 10.1007/978-3-319-24123-4_3 CrossRefGoogle Scholar
  19. [19]
    Pearl, J.: Causality: Models, Reasoning and Inference. Cambridge University Press, Cambridge (2009)Google Scholar
  20. [20]
    Pollitt, M.: Digital forensics as a surreal narrative. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2009. IAICT, vol. 306, pp. 3–15. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-04155-6_1 CrossRefGoogle Scholar
  21. [21]
    Pollitt, M.: History, historiography and the hermeneutics of the hard drive. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2013. IAICT, vol. 410, pp. 3–17. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-41148-9_1 CrossRefGoogle Scholar
  22. [22]
    Tewelde, S., Gruner, S., Olivier, M.: Notions of hypothesis in digital forensics. In: Peterson, G., Shenoi, S. (eds.) DigitalForensics 2015. IAICT, vol. 462, pp. 29–43. Springer, Cham (2015). doi: 10.1007/978-3-319-24123-4_2 CrossRefGoogle Scholar
  23. [23]
    Willassen, S.: Hypothesis-based investigation of digital timestamps. In: Ray, I., Shenoi, S. (eds.) DigitalForensics 2008. ITIFIP, vol. 285, pp. 75–86. Springer, Boston (2008). doi: 10.1007/978-0-387-84927-0_7 CrossRefGoogle Scholar
  24. [24]
    Yin, R.: Applications of Case Study Research. Sage Publications, Thousand Oaks (2012)Google Scholar
  25. [25]
    Yin, R.: Case Study Research: Design and Methods. Sage Publications, Thousand Oaks, California (2013)Google Scholar
  26. [26]
    Young, T.: Forensic Science and the Scientific Method, Heartland Forensic Pathology, Kansas City, Missouri (2007).

Copyright information

© IFIP International Federation for Information Processing 2017

Authors and Affiliations

  1. 1.University of PretoriaPretoriaSouth Africa

Personalised recommendations