A digital forensic investigation process can involve many steps and procedures. The objective is to obtain unbiased information in a verifiable manner using accepted forensic practices. In this project, you will perform some of the steps necessary for setting up an investigation. These steps include designing interview questions that establish the needs of the case and provide focus for your investigative efforts. You will also determine what resources may be needed to conduct the investigation. Once you have this information, you will be able to develop an investigation plan that properly sequences activities and processes, allowing you to develop time estimates and contingency plans should you encounter challenges in the investigation.
This situation involves two computers and a thumb drive. After clear authorization to proceed has been obtained, one of the first investigative decision points is whether to process the items of evidence individually or together. Processing computers individually makes sense when they are not likely tied to the same case. However, if the computers are linked to the same case, there can be advantages in processing them together.
There are four steps in this project. In Step 1, you will develop interview protocols and identify documentation needs for a forensic investigation. In Step 2, you will identify tools and software needed for the investigation. In Step 3, you will develop a plan for conducting the investigation, and in Step 4, you will consolidate your efforts in the form of a single document to be submitted to your supervisor (i.e., your instructor). The final assignment in this project is a planning document with a title page, table of contents, and distinct section for each of the three steps in the project. Consult the relevant sections of Guidelines for Project 1 Investigation Project Plan in every step.
In Step 1, get started on the plan by creating an interview form to record questions, key words, and authorization information, and to complete the legal forms needed in this case. However, before you can do that, you need to review your training in criminal investigations.
Step 1: Create and Gather Forms
Your tasks in Step 1 are to create interview forms to record questions, key words, and authorization information, and to designate other legal forms that will be needed in this case. It is important for you to describe the importance of each form that you create in the body of your final Project Plan assignment and include in-text reference citations for all your content. The forms that you complete as part of Step 1 will be included in your Investigation Project Plan, the final assignment for this project.
As part of the investigation into two computers and a thumb drive, it’s important to do the necessary preliminary work. In criminal investigations, there are laws governing chain of custody, search warrants, subpoenas, jurisdiction, and the plain view doctrine. It’s important to be familiar with these topics. Review forensic laws and regulations that relate to cybercrime, as well as rules of digital forensics in preparation for your digital forensic investigation.
The next thing to do is to read the police report and perform a quick inventory of devices that are thought to contain evidence of the crime. You have set up a meeting with the lead detectives and the prosecutor handling the case.
You have received an official request for assistance that provides you with authority to conduct the investigation. You realize it will be impossible to produce a detailed investigation project plan prior to your meeting with the detectives and the prosecutor. First, you need to develop a series of questions to establish the key people and activities. These questions should address potential criminal activity, timelines, and people who need to be investigated.
It is also important to determine whether different aspects of the case are being pursued by other investigators and to include those investigators on your contact list. In addition, some situations may involve organizations or individuals who need to adhere to various types of industry compliance. This situation may require you to follow special procedures.
Step 2: List Required Forensic Equipment, Software, and Labor Expenses
In Step 1, you developed forms and templates to collect the legal, criminal, and technical information that lays the groundwork for your investigation. In this step, you will consider the types of equipment and human resources needed to conduct the investigation and create a budget table that includes expenses for software licenses, computers, storage devices, number of digital forensics examiners, digital forensics examiners’ labor hours, examiner hourly pay rate, including time spent for each phase of the investigation process in gathering evidence analysis, reporting, presentation preparation and court appearance(s).
It is important to total overall costs of all equipment and expenses in your budget table. By making these preparations, you are establishing forensic readiness. Required resources can include people; tools and technologies such as RAID storage, deployment kits, or imaging programs; and budget and timeline information.
Develop a checklist. It will be included in the final Investigation Project Plan.
In the next step, you will begin to prepare a plan for managing a digital forensic investigation.
Step 3: Plan Your Investigation
In the prior step, you determined what resources would be necessary for your investigation. In this step, you will develop a plan for managing the investigation. The requirements for writing case reports reflect the step-by-step rigidity of the criminal investigation process itself. Being able to articulate time, task, money, and personnel requirements is essential.
Project management is a skill set that is not often linked to digital forensics and criminal investigations. That is unfortunate because effective project management can have a dramatic impact on the success and accuracy of an investigation. Identifying the tasks that need to be performed, their sequence, and their duration are important considerations, especially in the face of “wild cards” such as delays in obtaining correct search warrants and subpoenas. It is also important to have a clear understanding of the goals for the investigation as you will likely be called upon to present conclusions and opinions of your findings.
Your project plan should include a properly sequenced narrative timeline and a separately labeled and sequenced Visual Graphic Timeline chart that reflects the time intervals between each phase of the evidence acquisition and investigation processes (e.g., 30 hours gathering evidence spread across five business days, 60 hours of analysis over 10 business days, 90 days for reporting and court preparation, etc.) including detailed time estimates, and contingency plans. Your plan will serve many purposes, including the assignment of a project budget. As you create your plan, be sure to include in your meeting agenda communications and reporting: who should be involved, how the activities should be carried out, how often, and under what circumstances (i.e., modality, frequency).
Once you have developed your project management plan, move on to the next step, where you will submit your final assignment.
Step 4: Prepare and Submit Completed Investigation Project Plan
For your final assignment, you will combine the results of the previous three steps into a single planning document—an Investigation Project Plan—with a title page, a table of contents, and a distinct section for each of the three steps. The plan should include:
1. Forms documenting key people, meeting agenda, key activities and reporting, key words, investigation timeline narrative, visual graphic timeline chart, authorization confirmation (e.g., ownership, jurisdiction), and related investigations. Designation of the legal forms required for criminal investigations should also be included. (Step 1)
2. Resource checklist for equipment, human resources and labor expenses (Step 2)
3. Management plan (Step 3)
4. Search and seizure form(s)
5. Chain of custody form
The organization and details of your plan is important. Be sure to refer to the Guidelines for Project 1 Investigation Project Plan to meet the minimum standards needed for this project.
All sources of information must be appropriately referenced.
In addition to the guidance provided in the Project 1 description, please consider structuring your report as follows:
Table of Content
Introduction (Overview, Purpose, Meetings and Agendas)
Part 1 – The preliminary work should including (1) Rules, Regulations, and Laws (2) Preparation / Interview Questions – Required Forms; Interview Forms with Questions
Part 2 – Investigation Resources – Check list of Forensic Equipment and Software
Part 3 – Management plan / Methodology / Investigative Process:
Discuss of Collection, Examination, Analysis and Reporting / Communication.
Discuss Team Structure, Investigative Budget, Investigative Timeline.