Investigation Considerations
[Forensic investigator, thinking out loud] What is it with these detectives?
They think they can just dump stuff on our desks and expect us to make heads or tails of it.
I’ll need a lot more information than this before I can process these computers.
[pulling up list of meeting invitees] Let’s see, is that everybody?
I need to get this meeting on folks’ calendars ASAP so I can start my investigation.
[typing out a meeting agenda] While I’m waiting, I’ll draw up an agenda and a list of questions that need to be answered.
OK.
That’s a good start.
I’m sure other topics will come up during the meeting.
That meeting was a big help.
[Clicking through resources on computer] Now, I can create a list of resources that I’ll need for the investigation.
Let’s see.
The team is also going to want to know what to expect as far as timeline, budget, responsibilities, and other things.
A project management diagram should help.
I’ll sketch it out now and get it to them ASAP so we can get started.
A digital forensic investigation process can involve many steps and procedures. The objective is to obtain unbiased information in a verifiable manner using accepted forensic practices. In this project, you will perform some of the steps necessary for setting up an investigation. These steps include designing interview questions that establish the needs of the case and provide focus for your investigative efforts. You will also determine what resources may be needed to conduct the investigation. Once you have this information, you will be able to develop an investigation plan that properly sequences activities and processes, allowing you to develop time estimates and contingency plans should you encounter challenges in the investigation.
This situation involves two computers and a thumb drive. After clear authorization to proceed has been obtained, one of the first investigative decision points is whether to process the items of evidence individually or together. Processing computers individually makes sense when they are not likely tied to the same case. However, if the computers are linked to the same case, there can be advantages in processing them together.
There are four steps in this project. In Step 1, you will develop interview protocols and identify documentation needs for a forensic investigation. In Step 2, you will identify tools and software needed for the investigation. In Step 3, you will develop a plan for conducting the investigation, and in Step 4, you will consolidate your efforts in the form of a single document to be submitted to your supervisor (i.e., your instructor). The final assignment in this project is a planning document with a title page, a table of contents, and a distinct section for each of the three steps in the project. Consult the relevant sections of Guidelines for Project 1 Investigation Project Plan in every step.
In Step 1, get started on the plan by creating an interview form to record questions, key words, and authorization information, and to complete the legal forms needed in this case. However, before you can do that, you need to review your training in criminal investigations.
Step 1: Create and Gather Forms
Your tasks in Step 1 are to create interview forms to record questions, key words, and authorization information, and to designate other legal forms that will be needed in this case. It is important for you to describe the importance of each form that you create in the body of your final Project Plan assignment and include in-text reference citations for all of your content. The forms that you complete as part of Step 1 will be included in your Investigation Project Plan, the final assignment for this project.
As part of the investigation into two computers and a thumb drive, it’s important to do the necessary preliminary work. In criminal investigations, there are laws governing chain of custody, search warrants, subpoenas, jurisdiction, and the plain view doctrine. It’s important to be familiar with these topics. Review forensic laws and regulations that relate to cybercrime, as well as rules of digital forensics in preparation for your digital forensic investigation.
The next thing to do is to read the police report and perform a quick inventory of devices that are thought to contain evidence of the crime. You have set up a meeting with the lead detectives and the prosecutor handling the case.
You have received an official request for assistance that provides you with authority to conduct the investigation. You realize it will be impossible to produce a detailed investigation project plan prior to your meeting with the detectives and the prosecutor. First, you need to develop a series of questions to establish the key people and activities. These questions should address potential criminal activity, timelines, and people who need to be investigated.
It is also important to determine whether different aspects of the case are being pursued by other investigators and to include those investigators on your contact list. In addition, some situations may involve organizations or individuals who need to adhere to various types of industry compliance. This situation may require you to follow special procedures.
Step 2: List Required Forensic Equipment, Software, and Labor Expenses
In Step 1, you developed forms and templates to collect the legal, criminal, and technical information that lays the groundwork for your investigation. In this step, you will consider the types of equipment and human resources needed to conduct the investigation and create a budget table. The table should include expenses for software licenses, computers, and storage devices; the number of digital forensics examiners; the examiners’ labor hours and hourly pay rate; and the time spent in each phase of the investigation process: gathering evidence, analysis, reporting, presentation preparation, and court appearance(s).
It is important to total overall costs of all equipment and expenses in your budget table. By making these preparations, you are establishing forensic readiness. Required resources can include people; tools and technologies such as RAID storage, deployment kits, or imaging programs; and budget and timeline information.
Develop a checklist. It will be included in the final Investigation Project Plan.
In the next step, you will begin to prepare a plan for managing a digital forensic investigation.
Step 3: Plan Your Investigation
In the prior step, you determined what resources would be necessary for your investigation. In this step, you will develop a plan for managing the investigation. The requirements for writing case reports reflect the step-by-step rigidity of the criminal investigation process itself. Being able to articulate time, task, money, and personnel requirements is essential.
Project management is a skill set that is not often linked to digital forensics and criminal investigations. That is unfortunate because effective project management can have a dramatic impact on the success and accuracy of an investigation. Identifying the tasks that need to be performed, their sequence, and their duration are important considerations, especially in the face of “wild cards” such as delays in obtaining correct search warrants and subpoenas. It is also important to have a clear understanding of the goals for the investigation as you will likely be called upon to present conclusions and opinions of your findings.
Your project plan should include a properly sequenced narrative timeline and a separately labeled and sequenced Visual Graphic Timeline chart that reflects the time intervals between each phase of the evidence acquisition and investigation processes (e.g., 30 hours gathering evidence spread across five business days, 60 hours of analysis over 10 business days, 90 days for reporting and court preparation, etc.), including detailed time estimates and contingency plans. Your plan will serve many purposes, including the assignment of a project budget. As you create your plan, be sure to include in your meeting agenda communications and reporting: who should be involved, how the activities should be carried out, how often, and under what circumstances (i.e., modality, frequency).
Once you have developed your project management plan, move on to the next step, where you will submit your final assignment.
Step 4: Prepare and Submit Completed Investigation Project Plan
For your final assignment, you will combine the results of the previous three steps into a single planning document—an Investigation Project Plan—with a title page, a table of contents, and a distinct section for each of the three steps. The plan should include:
Forms documenting key people, meeting agenda, key activities and reporting, key words, investigation timeline narrative, visual graphic timeline chart, authorization confirmation (e.g., ownership, jurisdiction), and related investigations. Designation of the legal forms required for criminal investigations should also be included. (Step 1)
Resource checklist for equipment, human resources and labor expenses (Step 2)
Management plan (Step 3)
Search and seizure form(s)
Chain of custody form
The organization and details of your plan are important. Be sure to refer to the Guidelines for Project 1 Investigation Project Plan to meet the minimum standards needed for this project.
All sources of information must be appropriately referenced. Submit your completed Investigation Project Plan to your supervisor (instructor) for assessment upon completion.
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.
1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
2.2: Locate and access sufficient information to investigate the issue or problem.
4.1: Lead and/or participate in a diverse group to accomplish projects and assignments.
5.1: Demonstrate best practices in organizing a digital forensic investigation.
5.2: Utilize Project Management principles in an investigation.
—–
Factors to consider in
[Forensic investigator] Who are these detectives?
They think they can just dump stuff on our desks and we’ll figure it out.
I’ll need a lot more info to process these computers.
[showing meeting invitees] Is that everyone?
I need to schedule this meeting ASAP so I can begin my investigation.
[typing an agenda] I’ll make an agenda and a list of questions while I’m waiting.
OK.
It’s a start.
I’m sure other issues will come up.
Thanks for the meeting!
[Searching on computer] Now I can make a list of resources for my investigation.
See.
The team will also want to know about timelines, budgets, and responsibilities.
Helpful project management diagrams
I’ll draw it up now and send it to them so we can start.
A digital forensic investigation can take many steps. The goal is to obtain unbiased information using accepted forensic practices. In this project, you will set up an investigation. These steps include creating interview questions that establish case needs and focus your investigation. You’ll also determine the resources required to conduct the probe. You can then develop an investigation plan that properly sequences activities and processes, allowing you to develop time estimates and contingency plans should you run into problems.
Two computers and a thumb drive are involved. Once clear authorization to proceed has been obtained, investigators must decide whether to process evidence individually or collectively. Computers should be processed separately if they are not related. If the computers are linked to the same case, processing them together may be advantageous.
This project has four steps. Step 1: Create interview protocols and document requirements for a forensic investigation. Step 2: Determine the investigation’s tools and software. Step 3: Create an investigation plan, and Step 4: Consolidate your efforts into a single document to submit to your supervisor (i.e., your instructor). That includes a title page, table of contents, and sections for each of the three project steps. At each step, refer to the Guidelines for Project 1 Investigation Project Plan.
Step 1: Create an interview form to record questions, key words, and authorization information, as well as to complete the legal forms required. But first, you must review your criminal investigation training.
Step 1: Gather Forms
In Step 1, you will need to create interview forms to record questions, key words, and authorization information, as well as other legal forms. In the body of your final Project Plan assignment, describe the importance of each form you create, and include in-text reference citations for all content. The forms you complete in Step 1 will be included in your Investigation Project Plan, the project’s final assignment.
Preliminary work is required before investigating two computers and a thumb drive. Among other things, the plain view doctrine and chain of custody are governed by criminal law. It’s critical to understand these issues. Review cybercrime forensic laws and regulations as well as digital forensic rules before beginning your digital forensic investigation.
Next, read the police report and make a quick inventory of devices suspected of containing evidence of the crime. You’ve called the case’s lead detectives and the prosecutor.
You’ve been given official permission to conduct the investigation. You realize you can’t prepare a detailed investigation plan before meeting with the detectives and the prosecutor. First, create a list of questions to identify key people and activities. These questions should cover potential criminal activity, timelines, and suspects.
Determine if other investigators are pursuing different aspects of the case and add them to your contact list. In some cases, organizations or individuals must also comply with industry regulations. This may necessitate special procedures.
Step 2: Expenses for Forensic Software and Labor
In Step 1, you created forms and templates to collect legal, criminal, and technical data. Create a budget table that includes expenses for software licenses, computers, storage devices, number of digital forensics examiners, digital forensics examiners’ labor hours, examiner hourly pay rate, and time spent in each phase of the investigation process: gathering evidence, analysis, reporting, presentation preparation, and court appearance(s).
In your budget table, add up the total cost of all equipment and expenses. These steps establish forensic readiness. People, tools and technologies like RAID storage, deployment kits, and imaging programs, as well as budget and timeline information are all required.
Make a checklist. It will be included in the final Investigation Project Plan.
Next, create a plan for managing a digital forensic investigation.
Step 3: Design Your Probe
You determined the resources needed for your investigation in the previous step. In this step, you’ll devise an investigation strategy. The case report requirements mirror the rigidity of the criminal investigation process. Defining time, task, money, and personnel requirements is critical.
Not often are project management skills linked to digital forensics or criminal investigations. That’s a shame because good project management can make or break an investigation’s success. Identifying tasks, their sequence, and duration is critical, especially when dealing with “wild cards” like delayed search warrants and subpoenas. It is also critical to understand the research objectives, as you will be expected to present your findings and conclusions.
Detailed time estimates and contingency plans should be included in your project plan, along with a properly sequenced narrative timeline and a Visual Graphic Timeline chart. Your plan will be used for many things, including allocating a budget. Include in your meeting agenda communications and reporting: who should be involved, how often, and under what circumstances (i.e., modality, frequency).
After creating your project management plan, submit your final assignment.
Step 4: Finalize and Submit Your Investigation Project Plan
Your final project will be an Investigation Project Plan with a title page, table of contents, and sections for each of the three steps. It should include:
Annotated forms recording key people and events; investigation timeline narrative; visual graphic timeline chart; and related investigations. The legal forms required for criminal investigations should also be included. (Step 1)
Checklist for equipment, people, and labor costs (Step 2)
Management plan (Step 3)
Search and seizure form(s)
Chain of custody form
Your plan’s structure and details are vital. Refer to the Project 1 Investigation Project Plan Guidelines to meet the project’s minimum standards.
All sources of information must be cited. After completion, submit your Investigation Project Plan to your supervisor (instructor).
Review the competencies below before submitting your assignment. Use each competency as a self-check to ensure you’ve covered them all. Click My Tools, then select Assignments from the drop-down menu, and finally click the project title.
1.1: Organize document or presentation clearly to promote understanding and meet assignment requirements.
2.2: Gather enough data to investigate the issue or problem.
4.1: Lead or participate in a diverse group to complete tasks.
5.1: Organize a digital forensic investigation.
5.2: Apply Project Management to an investigation.