Pro-Formats

Operation: CyberSleuth

Digital Forensics Live Activity β€” Operation: CyberSleuth
πŸ”

Operation: CyberSleuth

A live digital forensics class activity β€” solve 5 challenges, earn points, and prove you have what it takes to be a cyber investigator!

⏱ ~30 Minutes 🎯 5 Activities πŸ† 300 Max Points πŸ”¬ Chapter 5 Concepts

πŸ‘€ Enter Your Details

Tip: Write your answers on paper too β€” teacher will check!

Press the button to begin β€” let the investigation start!

?
Investigator
Mission Briefing
Phase
πŸ“‹ Mission Brief
CLASSIFIED β€” FOR CYBER UNIT EYES ONLY

πŸ” Mission Briefing: Operation CyberSleuth

A financial firm’s server was breached. Files were deleted, data was stolen, and the attacker left digital traces. You are the Digital Forensics Investigator. Your mission: apply the 5-stage forensic process to crack this case. Complete all 5 activities to unlock the final score.

1
πŸ—ƒ Sort the Evidence (15 pts)
Classify volatile vs non-volatile digital evidence by dragging items to the right category.
2
🧩 Crack the Case Scenario (60 pts)
Read 3 investigation scenarios and choose the correct forensic decision with reasoning.
3
πŸ“‹ Build the Chain of Custody (25 pts)
Complete the official chain of custody form β€” fill in all required fields correctly.
4
πŸ”€ Forensics Word Hunt (50 pts)
Find all 10 digital forensics terms hidden in the word grid β€” race against time!
5
⚑ Rapid Fire Quiz (150 pts)
10 fast-fire questions on Chapter 5 concepts. Speed + accuracy = maximum points!
?
Investigator
Activity 1 of 5
Activity 1
πŸ—ƒ Sort the Evidence
0
PTS

πŸ—ƒ Activity 1 β€” Sort the Evidence by Volatility

Drag each evidence item to the correct category. Remember: most volatile evidence disappears first when a system is powered off!

πŸ“¦ Evidence Items β€” Drag these

πŸ”΄ Highly Volatile β€” Disappears on Power Off

🟑 Semi-Volatile β€” May Change Over Time

🟒 Non-Volatile β€” Persists After Power Off

?
Investigator
Activity 2 of 5
Activity 2
🧩 Crack the Scenario
0
PTS

🧩 Activity 2 β€” What Would You Do?

Read each investigation scenario and choose the CORRECT forensic decision. Think carefully β€” one wrong move can destroy evidence!

Question 1 of 3
?
Investigator
Activity 3 of 5
Activity 3
πŸ“‹ Chain of Custody
0
PTS

πŸ“‹ Activity 3 β€” Build the Chain of Custody

A laptop was seized from the suspect’s desk. Fill in the Chain of Custody form and add all required transfer entries. Every field must be complete!

πŸ“Œ Case Details

Case No: DF-2024-0089 | Device: Dell Laptop (Black) | Serial: DL7891023X | Location Seized: Suspect’s Desk, 3rd Floor, ABC Corp, Mumbai | Date: 14 November 2024, 15:30 hrs

πŸ’» Laptop seized ON πŸ”‹ Battery 82% πŸ”’ Screen Locked πŸ“ No USB connected
?
Investigator
Activity 4 of 5
Activity 4
πŸ”€ Forensics Word Hunt
0
PTS

πŸ”€ Activity 4 β€” Forensics Word Hunt

Click the first and last letter of each hidden word. Find all 10 forensics terms to earn full points! Words go β†’, ↓, or β†˜

Click start cell then end cell of each word

Find These Words:

Found: 0 / 10
?
Investigator
Activity 5 of 5
Activity 5
⚑ Rapid Fire Quiz
πŸ”₯ 0 Streak
0
PTS

⚑ Activity 5 β€” Rapid Fire Quiz

10 questions on Digital Forensics. Answer fast β€” streak bonus available! No going back.

20
Q 1/10
Loading…
πŸ†
Investigator
Mission Complete β€” Operation CyberSleuth
0
out of 300 points
Computing rank…
Sort Activity
0
Case Scenarios
0
Chain of Custody
0
Word Hunt
0
Rapid Fire Quiz
0
Best Streak πŸ”₯
0

Key Concepts Covered Today

⚑
Order of Volatility
RAM β†’ Cache β†’ Routing Table β†’ Disk β†’ Archival
πŸ”—
Chain of Custody
Records every person who touches evidence β€” never break it
πŸ”
Hash Verification
MD5 + SHA1 prove evidence wasn’t altered after collection
πŸ“‹
5-Stage Process
Identify β†’ Preserve β†’ Examine β†’ Analyze β†’ Report
πŸ“‘
Forensic Report
Must be reproducible by another examiner using same methods
πŸ–₯️
Live vs Dead
Device ON = capture RAM first. Device OFF = image disk first