QUESTION
TRANSCRIPT
Project 1: Investigation Considerations
“What is it with these detectives? They think they can just dump stuff on our desks and expect
us to make heads or tails of it!”
“I’ll need a lot more information than this before I can process these computers!”
“Let’s see…is that everybody? I need to get this meeting on folks’ calendars right away, so I can
start my investigation. While I’m waiting, I’ll draw up an agenda and a list of questions that
need to be answered.”
“OK, that’s a good start! I’m sure other topics will come up during the meeting.”
“That meeting was a big help! Now I can create a list of resources that I’ll need for the
investigation. Let’s see…”
“The team is also going to want to know what to expect as far as timeline, budget,
responsibilities, and so on. A project management diagram should help. I’ll sketch it out now
and get it to them A.S.A.P. so we can get started!”
INSTRUCTIONS
A digital forensic investigation process can involve many steps and procedures. The objective is to obtain unbiased information in a verifiable manner using accepted forensic practices. In this project you will perform some of the steps necessary for setting up an investigation. These steps include designing interview questions that establish the needs of the case and focus your investigative efforts. You will also determine what resources may be needed to conduct the investigation. Once you have this information, you will be able to develop an investigation plan that properly sequences activities and processes, allowing you to develop time estimates and contingency plans should you encounter challenges in the investigation.
This particular situation involves two computers and a thumb drive. After clear authorization to proceed has been obtained, one of the first investigative decision points is whether to process the items of evidence individually or together. Processing computers individually makes sense when they are not likely tied to the same case. However, if the computers are linked to the same case, there can be advantages in processing them together.
There are four steps in this project. In Step 1, you will develop interview protocols and identify documentation needs for a forensic investigation. In Step 2, you will identify resources needed for the investigation. In Step 3, you will develop a plan for conducting the investigation, and in Step 4, you will consolidate your efforts in the form of a single document to be submitted to your supervisor (i.e., your instructor). The final assignment in this project is a planning document with a title page, table of contents, and distinct section for each of the three steps in the project.
Let’s get started! In Step 1 you use an interview template to record questions, keywords, and authorization information, and to complete the legal forms that will be needed in this case. Before you can do that, you need to review your training in criminal investigations.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
2.2: Locate and access sufficient information to investigate the issue or problem.
4.1: Lead and/or participate in a diverse group to accomplish projects and assignments.
10.1: Demonstrate best practices in organizing a digital forensic investigation.
10.2: Utilize Project Management principles in an investigation.
STEP 1: COMPLETE PRELIMINARY WORK
In Step 1 you recall your training in criminal investigations, in which you covered the laws governing chain of custody, search warrants, subpoenas, jurisdiction, and the plain view doctrine. You also review forensic laws and regulations that relate to cybercrime, as well as rules of digital forensics in preparation for your digital forensic investigation. Next, you read the police report and perform a quick inventory of devices that are thought to contain evidence of the crime. You have set up a meeting with the lead detectives and the prosecutor handling the case.
You have received an official request for assistance which provides you with authority to conduct the investigation. You realize it will be impossible to produce a detailed investigation project plan prior to your meeting with the detectives and the prosecutor. First you need to develop a series of questions to establish the key people and activities. These questions should address potential criminal activity, timelines, and people who need to be investigated.
It is also important to determine whether different aspects of the case are being pursued by other investigators and to include those investigators on your contact list. In addition, some situations may involve organizations or individuals who need to adhere to various types of industry compliance. This situation may require you to follow special procedures.
Your tasks in Step 1 are to create an interview form to record questions, keywords, and authorization information, and to designate the legal forms that will be needed in this case. The forms that you complete as part of Step 1 will be included in your “Investigation Project Plan” – the final assignment for this project.
In Step 2 you will consider the types of resources needed for the investigation.
STEP 2: DETERMINE WHAT IS NEEDED FOR THE INVESTIGATION
In Step 1 you developed the forms and templates needed to collect the legal, criminal, and technical information that lays the groundwork for your investigation. In Step 2, you consider the types of resources needed to conduct the investigation. By making these preparations, you are establishing forensic readiness. Required resources can include people; tools and technologies such as RAID disks, deployment kits, or imaging programs; and budget and timeline information. Develop your checklist. It will be included in your final “Investigation Project Plan.” In Step 3 you will prepare a plan for managing a digital forensic investigation.
STEP 3: DEVELOP A PLAN
In the prior step, you determined what resources would be necessary for your investigation. In Step 3 you develop a plan for managing the investigation. Reporting requirements reflect the step-by-step rigidity of the criminal investigation process itself. Being able to articulate time, task, money, and personnel requirements is essential.
Project management is a skill set that is not often linked to digital forensics and criminal investigations. That is unfortunate because effective project management can have a dramatic impact on the success and accuracy of an investigation. Identifying the tasks that need to be performed, their sequence, and their duration are important considerations, especially in the face of “wild cards” such as delays in obtaining correct search warrants and subpoenas. It is also important to have a clear understanding of the goals for the investigation as you will likely be called upon to present conclusions and opinions of your findings.
Your project plan should include properly sequenced evidence acquisition and investigation processes, time estimates, and contingency plans. Your plan will serve many purposes including the assignment of a project budget. As you create your plan, be sure to include communications and reporting—who should be involved, how the activities should be carried out, how often, and under what circumstances (i.e., modality, frequency).
Once you have developed your project management plan, move on to Step 4 where you will submit your final assignment.
STEP 4: SUBMIT COMPLETED INVESTIGATION PROJECT PLAN
For your final assignment, you will combine the results of the previous three steps into a single planning document—an “Investigation Project Plan”—with a title page, a table of contents, and a distinct section for each of the three steps. The Plan should include:
Forms documenting key people, key activities, timeline, keywords, authorization (ownership, jurisdiction), and related investigations. Designation of the legal forms required for criminal investigations should also be included. (Step 1)
Resource list (Step 2)
Management plan (Step 3)
All sources of information must be appropriately referenced. Submit your completed “Investigation Project Plan” to your supervisor (your instructor) for evaluation upon completion.
Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.
1.1: Organize document or presentation clearly in a manner that promotes understanding and meets the requirements of the assignment.
2.2: Locate and access sufficient information to investigate the issue or problem.
4.1: Lead and/or participate in a diverse group to accomplish projects and assignments.
10.1: Demonstrate best practices in organizing a digital forensic investigation.
10.2: Utilize Project Management principles in an investigation.
ANSWER
Comprehensive Planning for a Digital Forensic Investigation
Introduction
The field of digital forensics requires meticulous planning and execution to obtain unbiased information through accepted forensic practices. This project focuses on the initial steps of a digital forensic investigation, including designing interview questions, identifying necessary resources, and developing a comprehensive investigation plan. The objective is to organize and sequence activities effectively, estimate time requirements, and address potential challenges that may arise during the investigation process. By following these steps, investigators can ensure a methodical approach and maximize the accuracy and success of their investigations.
Step 1: Completing Preliminary Work
In this step, the investigator recalls training in criminal investigations, reviewing laws governing chain of custody, search warrants, subpoenas, jurisdiction, and the plain view doctrine. Additionally, forensic laws and regulations pertaining to cybercrime and digital forensics are reviewed. After reading the police report and performing an inventory of the devices involved, the investigator arranges a meeting with lead detectives and the prosecutor. To establish key people and activities, a series of questions is developed to address potential criminal activity, timelines, and individuals to be investigated. The investigator also identifies other investigators involved and any special procedures required.
Step 2: Determining Resources Needed for the Investigation
Following the completion of necessary forms and templates, Step 2 focuses on identifying the resources required to conduct the investigation. This includes considering human resources, tools and technologies (such as RAID disks, deployment kits, or imaging programs), as well as budget and timeline considerations. By establishing forensic readiness through comprehensive resource planning, investigators can ensure they have the necessary support and equipment to carry out the investigation effectively.
Step 3: Developing a Plan
Building upon the previous steps, Step 3 involves developing a plan for managing the digital forensic investigation. Effective project management plays a crucial role in the accuracy and success of an investigation. The plan encompasses tasks, their sequence, duration, and reporting requirements. Contingency plans are also formulated to address potential delays or unforeseen circumstances. The investigator must have a clear understanding of the investigation’s goals and be prepared to present conclusions and opinions of the findings. Properly sequenced evidence acquisition and investigation processes, time estimates, and communication and reporting protocols are integral parts of the plan.
Step 4: Submitting the Completed Investigation Project Plan
The final assignment combines the results of the previous three steps into a comprehensive “Investigation Project Plan.” The plan includes forms documenting key people, activities, timeline, keywords, and authorization, along with a designated section for legal forms. Additionally, a resource list and a management plan outlining project budget, evidence acquisition, investigation processes, time estimates, and contingency plans are included. The plan serves as a comprehensive guide for the investigation and is submitted to the supervisor for evaluation.
Conclusion
In conclusion, thorough planning is essential in digital forensic investigations to ensure an organized, efficient, and effective process. By following the steps outlined in this project, investigators can establish a solid foundation for their investigations. Designing interview questions, identifying necessary resources, and developing a comprehensive investigation plan enable investigators to address key aspects of the case, allocate resources appropriately, and manage the investigation successfully. By adhering to best practices and utilizing project management principles, investigators can enhance their investigative outcomes and contribute to the field of digital forensics.