One of the most dangerous misconceptions among newer digital forensic investigators, examiners, and analysts is treating digital forensics like maths, assuming each case, artifact, and problem follows a set pattern of actions leading to a definitive result. While this is often a risk even for experienced investigators, most investigators will miss important investigation and factual information on occasion. However, investigators that chronically suffer from this misconception will quickly find themselves in search of a new calling. Among the many critical skills in digital forensics, flexibility and problem-solving are crucial.
Brett Shavers suggests five steps for effective investigator problem solving. (Shavers, B., Placing the Suspect Behind the Keyboard, Vol. 2: DFIR Investigative Mindset, 2024.)
-Identify the Problem and Desired Outcome
-Analyze and Research
-Select a Reasonable Action Plan
-Put Your Plan into Action
-Evaluate
Early in my career, I was assigned a case where a parole officer used his position of power to sexually assault women, he was assigned to monitor. By threatening the women with a failed check, and by extension a return to prison, he was not reported. One victim eventually reported the details to her local sheriff’s office.
Learning of a potential investigation against him, the parole officer instructed the victim to delete all conversations between them, which she did, because she feared the report may not generate an investigation. An investigation was started, and my assignment was to identify any communication related to the allegations of sexual assault.
Using this case as an example,....