Even though the constraints introduced by implementing the Incident Response (IR), activities to support the eradication of Covid-19, digital investigations are commencing, in order to support the Court process. The act of maintaining continuity with conducting the investigations will reduce the already bottle-necked pipeline within the current system and allow the community to provide a consistent approach to supporting the Criminal Justice System.
Based upon the following principles, there is a template of principles to adopt when dispersed and/or reduced working has to be undertaken. It is the role of every person within the team to understand that they have a role to fulfil. The 10 principles laid out below provide some guidance to the ways in which companies performing these types of investigations should start thinking:
Accurate Scoping – The team/investigation lead will need to ensure that scoping is as full and correct as possible. A single, unambiguous scope is the keystone of successful investigation. Any deviation within this scope may lead to additional travel (of which is constrained), time and effort wasted.
Communication – It is the team leader’s responsibility to maintain communication throughout the investigation chain, be that the client, the team or an external support agency.
The team leader is critical to the success or failure of any investigation and as such will require constant communication with the team members, maintaining constant dialogue and goal setting activities and communicating productivity gains to the clients.Maintaining Team Morale - Morale is a positive state of mind derived from inspired political and military leadership, a shared sense of purpose and working towards the common goal, even though personnel may/will be dispersed. It is essential that the team leaders perform frequent team meetings and update calls internally, in order to identify any potential issues and mitigate them prior to the risks being realised.
Quick Wins – Quick Wins are practical ways in which the team seeks to gain an advantage (Budget, time, application), in order to maintain momentum and seize the initiative. Such quick wins could be the ways in which applications and servers are being utilised to process data, or also locations of manpower with specific toolsets.
Investigation Security - Security is the overarching provision and maintenance of an operating environment that affords the necessary protection to resources in order to achieve the objectives identified within the scoping phase. Within the current environment, the security also emphasises and places additional security of the team members. Without these resources, the function will not be able to work as effectively, thereby placing additional constraints into the equation.
Suffered from a breach? Visit our site to see our offeringsRoutine – The team will need to understand that as the resources have been isolated, there is a requirement for a routine to be put into place. Not only does this place structure within the team (for calls, 1-2-1 meetings and team wash-ups), but it also ensures that investigation timelines are being adhered to, internal goals are being met and lastly, but in no way insignificant, it promotes team cohesion during times where remote working is the only option. It is not intended to be a tool to ‘catch out’ employees, but to place a structure into the lives of the team members.
Economy of Effort - Economy of effort and resource utilisation is the efficient exploitation of resources in relation to the achievement of objectives set. In essence, it can be translated as doing less work to achieve a greater effect. This is a great skill to understand and place into practice. Only a team leader, armed with sector experience, matched with knowledge of the team capabilities, resources and project requirements would be able to fully support this principle and gain the desired outcomes as matched against the scope.
Flexibility – At times, the need to maintain the ability to change readily to meet new circumstances will be encountered. This may be an unforeseen change in scope, loss of manpower, lack of resources or shortened timelines. The team leader needs to be able maintain agility within the team in order that he/she can create an updated plan, communicate and delegate tasks, and maintain other investigations.
Cooperation - Cooperation entails the incorporation of teamwork and a sharing of workload, burdens, risks and opportunities in every aspect of life. There are many ways in which teams can collaborate through technology, of which needs to be harnessed now, more that at any other time we have seen.
Sustainability – The To sustain the team is to ensure that the resources are in place to support current and future investigations. This will require logistical planning skills by the position in charge of supporting, as they will be required to generate the means by which investigations are maintained. The planning of this is severely impacted currently by transport constraints and also the added burden being placed upon the logistical networks and e-commerce environments.
You may well ask ‘Isn’t this what is already being undertaken’, to which I would agree with, to some degree. However, more emphasis has to be placed upon each principle, in order that the team can maintain cohesion, momentum and purpose, within a time when there is so much negativity being promoted. Also, It is essential that all team members are provided with some personal, wellness and/or fitness time to break up the monotonous days. We are all in this mixed containment and recovery phase for the long haul, of which there is no defined end as yet.
When we arrive to full recovery phase and BAU activities, we will be in a better place to move forward. For some, normal business will resume as within the pre-lockdown era. For others, lessons will have been learned on how remote working can maintain, and sometimes, improve productivity. But that is another blog……..
So that concludes this blog……..apart from the fact that the astute amongst you may have noted the principles above are very similar to the ‘Principles of War’. As I see it, we are in a crisis environment, so isn’t it logical to adapt a proven set of principles to mould around the environment within we are being forced to operate within now?
As an end thought, the Forint team have started planning on an overseas Digital Forensics Workshop. What could be better than spending some days in the sun, whilst engaging within a community workshop surrounding relevant topics? We would like to invite you to join us in this venture and would also welcome your input into the community discussions.
If you think that this may be of interest to please comment on this post, or follow the link to show your interest in this opportunity here!