A Serious Game-Based Peer-Instruction Digital Forensics Workshop

Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 579)


Increasing threats in the area of information security raise the necessity for companies to be prepared for a digital forensic investigation. However, even the best investments in technology and infrastructure will fail if employees are not adequately trained. In this paper we propose a workshop concept combining the peer instruction method and elements from the field of serious games. The goal of the combined methods is to enable the participants to investigate a use case in an interactive and playful way. Our concept guides the participants step by step into an increasingly independent way of performing a digital forensic investigation.


Digital Forensics Workshop Peer instruction Serious games Capture the Flag 



This work is partly performed under the BMBF TRIO project which is supported by the German Federal Ministry of Education and Research. (


  1. 1.
    Meier, S.: Digitale Forensik in Unternehmen. Ph.D. thesis, University of Regensburg (2017)Google Scholar
  2. 2.
    von Solms, R., Warren, M.: Towards the human information security firewall. Int. J. Cyber Warfare Terrorism (IJCWT) 1(2), 10–17 (2011)CrossRefGoogle Scholar
  3. 3.
    Vielberth, M., Menges, F., Pernul, G.: Human-as-a-security-sensor for harvesting threat intelligence. Cybersecurity 2(1), 23 (2019)CrossRefGoogle Scholar
  4. 4.
    Englbrecht, L., Meier, S., Pernul, G.: Towards a capability maturity model for digital forensic readiness. Wireless Netw. 26(7), 4895–4907 (2020). Scholar
  5. 5.
    Cohen, F.: Toward a science of digital forensic evidence examination. In: Chow, K.-P., Shenoi, S. (eds.) DigitalForensics 2010. IAICT, vol. 337, pp. 17–35. Springer, Heidelberg (2010). Scholar
  6. 6.
    Elyas, M., Ahmad, A., Maynard, S.B., Lonie, A.: Digital forensic readiness: expert perspectives on a theoretical framework. Comput. Secur. 52, 70–89 (2015)CrossRefGoogle Scholar
  7. 7.
    Grobler, T., Louwrens, C.P., von Solms, S.H.: A framework to guide the implementation of proactive digital forensics in organisations. In: ARES 2010, Fifth International Conference on Availability, Reliability and Security, Krakow, Poland, 15–18 February 2010, pp. 677–682. IEEE Computer Society (2010)Google Scholar
  8. 8.
    Kent, K., Chevalier, S., Grance, T., Dang, H.: Guide to integrating forensic techniques into incident response. NIST Special Publication 10(14), 800–86 (2006)Google Scholar
  9. 9.
    Crouch, C.H., Mazur, E.: Peer instruction: ten years of experience and results. Am. J. Phys. 69(9), 970–977 (2001)CrossRefGoogle Scholar
  10. 10.
    Johnson, W.E., Luzader, A., Ahmed, I., Roussev, V., Richard III, G.G., Lee, C.B.: Development of peer instruction questions for cybersecurity education. In: 2016 USENIX Workshop on Advances in Security Education (ASE 2016). USENIX Association, Austin, TX (2016)Google Scholar
  11. 11.
    Kiili, K.: Digital game-based learning: towards an experiential gaming model. Internet High. Educ. 8(1), 13–24 (2005)CrossRefGoogle Scholar
  12. 12.
    Marsh, T.: Serious games continuum: between games for purpose and experiential environments for purpose. Entertain. Comput. 2(2), 61–68 (2011)CrossRefGoogle Scholar
  13. 13.
    Cetto, A., et al.: Friend inspector: a serious game to enhance privacy awareness in social networks. CoRR abs/1402.5878 (2014)Google Scholar
  14. 14.
    Tokola, T.J., et al.: A collaborative cybersecurity education program. In: Cybersecurity Education for Awareness and Compliance, pp. 181–200. IGI Global (2019)Google Scholar
  15. 15.
    Lasry, N., Mazur, E., Watkins, J.: Peer instruction: from Harvard to the two-year college. Am. J. Phys. 76(11), 1066–1069 (2008)CrossRefGoogle Scholar
  16. 16.
    Ahmed, I., Roussev, V.: Peer instruction teaching methodology for cybersecurity education. IEEE Secur. Priv. 16(4), 88–91 (2018)CrossRefGoogle Scholar
  17. 17.
    McDaniel, L., Talvi, E., Hay, B.: Capture the flag as cyber security introduction. In: 2016 49th Hawaii International Conference on System Sciences (HICSS), pp. 5479–5486, January 2016Google Scholar
  18. 18.
    Inman, K., Rudin, N.: The origin of evidence. Forensic Sci. Int. 126(1), 11–16 (2002)CrossRefGoogle Scholar
  19. 19.
    Manky, D.: Cybercrime as a service: a very modern business. Comput. Fraud Secur. 2013(6), 9–13 (2013)CrossRefGoogle Scholar
  20. 20.
    Yadav, T., Rao, A.M.: Technical aspects of cyber kill chain. In: Abawajy, J.H., Mukherjea, S., Thampi, S.M., Ruiz-Martínez, A. (eds.) SSCC 2015. CCIS, vol. 536, pp. 438–452. Springer, Cham (2015). Scholar

Copyright information

© IFIP International Federation for Information Processing 2020

Authors and Affiliations

  1. 1.Department of Information SystemsUniversity of RegensburgRegensburgGermany

Personalised recommendations