Create Your First Project

Start adding your projects to your portfolio. Click on "Manage Projects" to get started

.pro-gallery-wix-wrapper {display: block !important;} .pro-gallery-wix-wrapper .gallery-item-container {opacity: 1 !important; display: block !important;}

Digital Forensic Investigation: Uncovering Planted Evidence with Timeline Analysis

Project type

Digital Forensics Case Study | Technical Blog Post

Date

May 2025

This project demonstrates the critical importance of deep forensic analysis in a simulated homicide investigation. Using Autopsy forensic software, I analyzed a USB drive image containing two files—a supposed suicide note and an asset list—that were planted to mislead investigators. By reconstructing the digital timeline and analyzing file system metadata, I uncovered definitive proof of evidence tampering, effectively dismantling the fabricated narrative and highlighting the severe business risks of accepting digital evidence at face value.

The analysis bridges the gap between technical forensics and strategic business imperatives, showing how metadata inconsistencies can directly impact legal outcomes, regulatory compliance, and third-party risk management.

Key Skills & Accomplishments Demonstrated:

Forensic Imaging & Analysis: Performed a complete forensic analysis of a FAT32 file system image using the Autopsy digital forensics platform.

Metadata & Timeline Reconstruction: Analyzed MAC (Modified, Accessed, Changed) times and legacy 8.3 filenames to identify chronological impossibilities that proved the evidence was staged years before the incident.

Evidence Tampering Detection: Uncovered hidden authorship data within an Excel spreadsheet and identified file creation patterns consistent with deliberate, coordinated planting of evidence.

Academic & Industry Research: Integrated research from sources like the SANS Institute, IEEE, and MITRE ATT&CK (T1070.006 - Timestomping) to contextualize the case and explain the broader threat of anti-forensic techniques.

Technical Communication: Authored a detailed blog post translating complex forensic findings into clear, actionable insights for legal, compliance, and business stakeholders.

Read the full blog post and case summary:
👉 https://www.cvcyber.dev/post/metadata-caught-a-lie

Explore the step-by-step technical analysis:
👉 https://github.com/carla-cvcyber/usb-metadata-forensics.git

.pro-gallery-wix-wrapper {display: block !important;} .pro-gallery-wix-wrapper .gallery-item-container {opacity: 1 !important; display: block !important;}