Detailed Investigation Project Plan

Following an investigation plan or model is important to developing consistency and accuracy within investigations, as well as enabling an expeditious response. By following a plan based on a forensically sound model, the procedures used on site will ensure proper forensic processes, chain of custody, and adherence to both federal and state rules for admissibility of evidence.

Plans should consist of high-level processes, detailed tasks, and task sequencing. Detailed work plans or checklists can assist an investigator with complex technical tasks that require a methodical, detailed approach, as well as a high level of accuracy. As always with project management, the details a plan must capture are who, what, and when. In other words, what tasks must be completed, in what order, and by whom to arrive at completion.

Figure: A series of labeled boxes from top to bottom. Planning occurs first. Then at the crime scene are identification, collection, and preservation. In the lab are examination, analysis, and report.

This diagram shows the proper order of major tasks that must be accomplished. Note that authority to perform the actions should be determined before or during planning. 

Source: Rogers et al., Journal of Digital Forensics

As time is often critical, detailed investigative plans unique to each case may not be possible. See the Field Triage process model below for instances where time is in short supply. However, a reasonable attempt should be made to follow an investigative model or template regardless of the time available to ensure the best outcome.

References

Rogers, M., Goldman, J., Mislan, R., Wedge, T., & Debrota, S. Computer forensics field triage process model. Journal of Digital Forensics, Security and Law, 1(2). https://commons.erau.edu/jdfsl/vol1/iss2/2/

Licenses and Attributions

Computer Forensics Field Triage Process Model by Marcus K. Rogers, James Goldman, Rick Mislan, Timothy Wedge, and Steve Debrota from Journal of Security Forensics, Security and Law is available under a Creative Commons Attribution 4.0 International license. © 2006–2015 Association of Digital Forensics, Security and Law. UMGC has modified this work and it is available under the original license.