Preparing for a Forensic Investigation

Preparing for a Forensic Investigation

Part 1: Preparing for a Forensic Investigation

 

Scenario

You are an employee at D&B Investigations, a firm that contracts with individuals, companies, and government agencies to conduct computer forensics investigations. D&B employees are expected to observe the following tenets, which the company views as the foundation for its success:

  • Give concerted attention to clients’ needs and concerns.
  • Follow proper procedures and stay informed about legal issues.
  • Maintain the necessary skill set to apply effective investigative techniques using the latest technologies.

Your manager has just scheduled a meeting with an important prospective client, and she has asked you to be part of the team that is preparing for the meeting. The prospective client is Brendan Oliver, a well-known celebrity. Last night, Mr. Oliver’s public relations team discovered that someone obtained three photos that were shot on his smartphone, and tried to sell the photos to the media. Due to the sensitive nature of the photos, Mr. Oliver and his team have not yet contacted law enforcement. They would like to know if D&B can provide any guidance or support related to the investigation—or, at the very least, if D&B can help them prevent similar incidents from occurring in the future. At this time, they do not know how the photos were acquired. The public relations team is wondering if a friend, family member, or employee could have gained direct access to Mr. Oliver’s phone and obtained the photos that way, although the phone is usually locked with a passcode when Mr. Oliver is not using it. In addition, Mr. Oliver e-mailed the photos to one other person several months ago; he has not spoken with that person in the last few weeks, but he does not believe that person would have shared the photos with anyone else.

Your manager plans to use this initial meeting with Mr. Oliver and his public relations team to establish rapport, learn more about the case, and demonstrate the firm’s expertise. The company sees this as an opportunity to build future business, regardless of whether they are retained to help with the investigation of this case.

Tasks

To help the team prepare for the meeting, your manager asks you (and your colleagues) to consider and record your responses the following questions:

  • What is the nature of the alleged crime, and how does the nature of the crime influence a prospective investigation?
    • Provide a real-world example from 2016 or later as an example and explain why it is relevant to this scenario.
  • Based on the limited information provided in the scenario, what is the rationale for launching an investigation that uses computer forensic activities?
    • Would D&B and/or law enforcement need additional information in order to determine if they should proceed with an investigation? Why or why not?
    • Under what circumstances might the answer be different? Provide a real-world example from 2016 or later as an example and explain why it is relevant to this scenario.
  • What would you share with the client about how investigators prepare for and conduct a computer forensics investigation?
    • Identify FOUR key points that are most relevant to this case
    • Rank order them in terms of importance.
    • For EACH explain what it is and why it is important.
  • What sources of evidence would investigators likely examine in this case? Provide concrete examples and explain your rationale.
    • Based-on what you know so far what do you anticipate being the most important piece of evidence and explain your rationale.
    • Find a real case example where this kind of evidence was paramount and explain why.
  • What should the client, investigators, and others do—or not do—to ensure that evidence could be used in a court of law?
    • Be specific and justify your explanation in light of what you know of the scenario (above), and in light of the relevant laws and legal concepts that should be taken into account during the collection, analysis, and presentation of evidence.
      • Note: There are bunch of laws identified in the text. We have not covered them in class. Good thing you have been keeping up with the readings.
  • What questions and concerns do you think the client will have?
    • Why? Explain and justify your reasoning. Be thorough and think as if you were a business leader at the client. What would you be concerned with, etc?
  • What questions should the team ask the client to learn more about the case and determine the next steps?
    • Explain why having the answer to EACH would be helpful.

Self-Assessment Checklist

  • I have effectively documented the causes for investigation.
  • I have effectively documented key points related to the collection, analysis, and presentation of computer forensic evidence.
  • I have successfully identified potential sources of evidence.
  • I have summarized laws and legal concepts that apply to this case.
  • I have created a professional, well-developed report with proper documentation, grammar, spelling, and punctuation.

professor notes:

  • You may not use ANY direct quotes.
  • Everything and anything that is not simple common knowledge should be cited. In some cases the questions ask for examples. This will require some research and using qualified sources- known publications (which doesn’t include unverified personal blogs or www.infowars.com). There are some exceptions to the blog rule please ask your professor if you need clarification.
  • There are guides to citing and writing provided on Blackboard. Avail yourself of it. There are also templates for setting-up formal projects. Bear in mind that this is a formal writing assignment and not your personal opinion. This should be, if you are in the major, a component of a portfolio piece that is meant to demonstrate the quality of your work and knowledge.

Leave a Comment

Your email address will not be published. Required fields are marked *

Rating*

Scroll to Top