Project 1: Investigation Considerations
Transcript:
“What is it with these detectives? They think they can just dump stuff on our desks and
expect us to make heads or tails of it!”
“I’ll need a lot more information than this before I can process these computers!”
“Let’s see…is that everybody? I need to get this meeting on folks’ calendars right away, so I can start my investigation. While I’m waiting, I’ll draw up an agenda and
a list of questions that need to be answered.”
“OK, that’s a good start! I’m sure other topics will come up during the meeting.”
“That meeting was a big help! Now I can create a list of resources that I’ll need for
the investigation. Let’s see…..”
“The team is also going to want to know what to expect as far as timeline, budget,
responsibilities, and so on. A project management diagram should help. I’ll sketch it out
now and get it to them A.S.
A.P. so we can get started!”
A digital forensic investigation process can involve many steps and procedures.
The objective is to obtain unbiased information in a verifiable manner using accepted
forensic practices. In this project you will perform some of the steps necessary for setting
up an investigation.
These steps include designing interview questions that establish the needs of the case and
focus your investigative efforts. You will also determine what resources may be needed to
conduct the investigation. Once you have this information, you will be able to develop
an investigation plan that properly sequences activities and processes allowing you to
develop time estimates and contingency plans should you encounter challenges in the investigation.
This particular situation involves two computers and a thumb drive. After clear authorization to proceed has been obtained, one of the first investigative decision points is whether to process the items of evidence individually or together. Processing computers individually makes sense when they are not likely tied to the same case. However, if the computers are linked to the same case, there can be advantages in processing them together.
There are four steps in this project. In Step 1, you will develop interview protocols and identify documentation needs for a forensic investigation. In Step 2, you will identify resources needed for the investigation. In Step 3, you will develop a plan for conducting the investigation, and in Step 4, you will consolidate your efforts in the form of a single document to be submitted to your supervisor (i.e., your instructor). The final assignment in this project is a planning document with a title page, table of contents, and distinct section for each of the three steps in the project
Let’s get started! In Step 1 you use an interview template to record questions, keywords, and authorization information, and to complete the legal forms that will be needed in this case. Before you can do that, you need to review your training in criminal investigations.
Step 1: Complete Preliminary Work
In Step 1 you recall your training in criminal investigations, in which you covered the laws governing chain of custody, search warrants, subpoenas, jurisdiction, and the plain view doctrine. You also review forensic laws and regulations that relate to cybercrime, as well as rules of digital forensics in preparation for your digital forensic investigation. Next, you read the police report and perform a quick inventory of devices that are thought to contain evidence of the crime. You have set up a meeting with the lead detectives and the prosecutor handling the case.
You have received an official request for assistance which provides you with authority to conduct the investigation. You realize it will be impossible to produce a detailed investigation project plan prior to your meeting with the detectives and the prosecutor. First you need to develop a series of questions to establish the key people and activities. These questions should address potential criminal activity, timelines, and people who need to be investigated.
It is also important to determine whether different aspects of the case are being pursued by other investigators and to include those investigators on your contact list. In addition, some situations may involve organizations or individuals who need to adhere to various types of industry compliance. This situation may require you to follow special procedures.
Your tasks in Step 1 are to create an interview form to record questions, keywords, and authorization information, and to designate the legal forms that will be needed in this case. The forms that you complete as part of Step 1 will be included in your “Investigation Project Plan”– the final assignment for this project.
In Step 2 you will consider the types of resources needed for the investigation.
Step 2: Determine What Is Needed for the Investigation
In Step 1 you developed the forms and templates needed to collect the legal, criminal, and technical information that lays the groundwork for your investigation. In Step 2, you consider the types of resources needed to conduct the investigation. By making these preparations, you are establishing forensic readiness. Required resources can include people; tools and technologies such as RAID disks, deployment kits, or imaging programs; and budget and timeline information. Develop your checklist. It will be included in your final “Investigation Project Plan.” In Step 3 you will prepare a plan for managing a digital forensic investigation.
Step 3: Develop a Plan
In the prior step, you determined what resources would be necessary for your investigation. In Step 3 you develop a plan for managing the investigation. Reporting requirements reflect the step-by-step rigidity of the criminal investigation process itself. Being able to articulate time, task, money, and personnel requirements is essential.
Project management is a skill set that is not often linked to digital forensics and criminal investigations. That is unfortunate because effective project management can have a dramatic impact on the success and accuracy of an investigation. Identifying the tasks that need to be performed, their sequence, and their duration are important considerations, especially in the face of “wild cards” such as delays in obtaining correct search warrants and subpoenas. It is also important to have a clear understanding of the goals for the investigation as you will likely be called upon to present conclusions and opinions of your findings.
Your project plan should include properly sequenced evidence acquisition and investigation processes, time estimates, and contingency plans. Your plan will serve many purposes including the assignment of a project budget. As you create your plan, be sure to include communications and reporting—who should be involved, how the activities should be carried out, how often, and under what circumstances (i.e., modality, frequency).
Once you have developed your project management plan, move on to Step 4 where you will submit your final assignment.
Step 4: Submit Completed Investigation Project Plan
For your final assignment, you will combine the results of the previous three steps into a single planning document—an “Investigation Project Plan”—with a title page, a table of contents, and a distinct section for each of the three steps. The Plan should include:
Forms documenting key people, key activities, timeline, keywords, authorization (ownership, jurisdiction), and related investigations. Designation of the Llegal forms required for criminal investigations should also be included. (Step 1)
Resource list (Step 2)
Management plan (Step 3)
All sources of information must be appropriately referenced. Submit your completed “Investigation Project Plan” to your supervisor (your instructor) for evaluation upon completion.