Include the title, your name, course name, and date.
This will be a list of all upcoming sections.
In brief, this section should include what you as the investigator are trying to achieve through this investigation.
Note: You may want to include an abstract since you will be required to include an abstract in many of your future papers that you write in the UMGC graduate program. Your instructors will expect it and your paper submissions will stand out as polished graduate-level work. If you don’t know what an “abstract” is, review in the UMGC library or search online. This is the time to learn and grow.
Identify the types of meetings that should be held and identify the issues to be discussed with each group of meetings that need to be conducted. Be sure to include in the timeline section when the meetings should occur.
Create a meeting agenda to accompany each proposed category of meetings. (You can research how to prepare proper agenda format). Your instructor may provide feedback on this issue.
- Application for Search Warrants
- Chain of Custody Form - Completed
- Consent Form - Example
- Search Warrant - Example
- Removal Media Worksheet
- Hard Drive Evidence Worksheets
- Proposed Keyword Searches
List everything you need in the field and back at your workstation. You can have one long list with subsections or multiple lists.
Describe step-by-step what you found and where. In an actual investigation, it is important that you specifically describe each action taken during your investigation examination. For this course, provide screenshots of your work to demonstrate your mastery of the course lab competencies. Refer to your screenshots using sequentially numbered figures by section so figures in section five would go Figure 5-1, Figure 5-2, etc.
Summarize and explain what you have learned and why this information is important at each step. Express in your own words what you have learned about developing and implementing a digital forensics investigation plan after you have read your reference sources. Use APA in-text citations. Include all cited sources in the reference section at the end of this plan. You should already know to stay away from Course Hero!
Do not copy and paste information from your sources. Summarize what you have learned. You can include short quotations from a reference source that helps you make your point, but it should be a phrase or two to three sentences at most. However, you must properly credit and cite the reference source. Describing your supporting analysis in your own words and quoting credible sources will help make your Project 1 paper stand out.
Develop separate sets of investigative questions that you would separately ask of each potential type of witness in the project. (e.g., for a company IT director, for coworkers, for witnesses). The more detailed, the better. You can learn about the types of questions to ask by reading the references in the course and by performing your own research concerning the questioning of witnesses during a digital forensics investigation. (See NIST’s Guide to Integrating Forensic Techniques into Incident Response, Special Publication 800-86; the National Institute of Justice’s (NIJ) Forensic Examination of Digital Evidence: A Guide for Law Enforcement; US Secret Service’s Best Practices for Seizing Electronic Evidence, UMGC course references, and other sources. You will also have to conduct your own research to get a feel of what to ask. Your instructor may provide some feedback on this issue.
Fully develop a list of contact people who will be important and useful throughout the investigation process. (e.g., company, legal counsel, case investigator, case prosecutor, company IT manager, department director, employee supervisor, local law enforcement, human resources director, assigned digital forensics examiner, etc. This is a start. There are more contact categories that may apply. Again, you will learn more about whom to contact by conducting proper research as you attempt to meet the Project 1 requirements. Don’t just make things up. Your instructor may provide some feedback on this issue.
Create a visual timeline graphic using functions in Microsoft Word or any other familiar tool. Your graphics should be referenced and described in your report narrative (e.g. ...see the interview phase in Figure 7-1. Investigation Plan Timeline). Illustrate the activities that will occur during each interval. For example, your timeline should have details such as set out 30 days to image all drives, 60 days evidence review and analysis, 90 days report writing, witness preparation. These time frames are just general examples of how explicitly detailed your timeline graphic and narrative work should be.
Your budget should be presented in tables using Microsoft Word, Microsoft Excel, or Mac Numbers format. Label each table with number and title (e.g., Table 8-1: Equipment Budget, Table 8-2: Labor) for easy referencing. Tables should contain projected/estimated costs for each line item, expenses, equipment expenses, labor expense, number of examiners, hourly rate, total estimated/projected time per examiner, number and type of computers and costs, software licensing expense, estimated imaging time per drive or electronic media, report writing time, witness preparation time, expert witness testimony time, hard drive expense and peripherals, and a total for all expenses. You can get an idea about what to include by reading the resources associated with the Project 1 reference links in the course. Other examples can be obtained by checking NIST references.
A summary of your findings. There should be no new information here— just a condensed version of the preceding sections. It should state what you achieved. Be sure it aligns with the first section, “Purpose.”
Do your own work supported by the sources provided in classroom and your own research. All in-text citations in other sections should be recorded in this section using APA reference page style.
This section should include lettered appendices (Appendix A, Appendix B, and so on) if you choose to include them. In general, an appendix is where an author places supporting details that not all readers will need to see, but experts or interested parties may wish to see.