Investigation Planning

Time: 1 hour 49 minutes
Difficulty: Intermediate
CEU/CPE: 2
Video Transcription
00:00
Lesson 3.1 is titled Investigation Planning.
00:05
It's really important when you set out to start doing analysis
00:10
that you have a plan that you have a
00:13
path that you're gonna follow, or at least a starting point that you're gonna follow in order to
00:20
move forward. Because otherwise you may be feeling overwhelmed. You may think that you're looking for a needle in a haystack.
00:28
You may not have a
00:31
defined, repeatable, defensible process if you don't plan.
00:37
In this video, we're gonna talk about how and why to establish an investigation plan.
00:43
I love this quote from Mike Tyson because it really shows and really articulates what it's like to be in forensics and to put together an investigation plan without really having done any analysis. And that is, everyone has a plan until they get punched in the mouth.
01:02
You know, it's important to understand that your plan, while you are developing it
01:07
while you're going to try to abide by it,
01:10
is going to change, not may. It's going to change. You're gonna find a piece of evidence that's gonna lead, or finding that's gonna lead you down either a rabbit hole or lead you down, a path you didn't initially plan on. You've drawn your hypothesis, that scientific hypothesis
01:29
that you've then gone to look for
01:30
and your hypothesis being based on whatever the
01:34
facts of the case are, or the
01:38
whatever your
01:40
hiring attorney believes are the
01:44
facts of the case. And you might find that the facts of the case when you start seeking the truth end up being totally different.
01:51
So it's always good to have a plan. It's always important to have a plan. You should definitely create a plan, but you need to be prepared that your plan's gonna change
02:02
Again, your planning
02:06
needs to be scientific. You need to follow the scientific method
02:09
that you learned about in school.
02:13
You need to generate a hypothesis. Start looking into that hypothesis
02:16
based on the results. You may then go back and ultimately change your hypothesis. You may prove you and you may go through this in an iterative process. You may do it a couple of times.
02:29
You have to make sure that however
02:31
scientific and whatever your hypothesis might be, that it's that the process you follow is repeatable by documenting it by documenting what you did.
02:43
It makes it easier to repeat the process six months, eight months, 12 months down the line. Or if you have to hand off the process to somebody else and have them review,
02:54
or if you're handing it to the other side and they're going to review the process. You wanna make sure that your process is repeatable.
03:04
When I mix one hydrogen atom with two oxygen atoms,
03:08
I get HO2.
03:10
When I mix
03:13
two hydrogen atoms with one oxygen atom,
03:17
I get H2O. I get water.
03:21
It's very important that
03:23
my process be repeatable.
03:24
It also needs to be logical.
03:27
It needs to follow
03:29
in a path that makes sense.
03:32
You're not gonna simply just start poking around on the hard drive. You're going to start by walking through the process, you might say.
03:40
Well,
03:42
if this is a case involving
03:45
theft of money
03:46
or fraud,
03:49
you might look at
03:51
something different than
03:53
if it's a process
03:55
that is looking for
03:59
***.
04:00
But you want to follow a logical process.
04:02
Logical process, if you're searching for ***,
04:05
is probably not to start reviewing Word documents.
04:09
It's to review the graphics on this system
04:12
By doing a... By creating a repeatable and logical process, you increase the defensibility of the process.
04:18
And remember that defensibility is a key, key
04:24
concept
04:25
and foundational concept in forensics.
04:28
And as we said, everyone's got a plan until they get punched in the mouth.
04:32
So you've got to be adaptable. You've gotta be prepared that your plan may go awry and you may have to start looking at things you didn't initially plan to look at, based on the evidence presented to you.
04:46
In this video, we covered how and why to establish an investigation plan.
DFIR Investigations and Witness Testimony

This course discusses the role of the expert witness, the process an expert should follow from collection of digital data to reporting, the act of testifying in court, the rules that govern experts and the do’s and don’ts of good testimony.