The Importance of Case Management for Digital Forensics

By Stan Engelbrecht | October 2, 2017 | forensics

D3 fills a significant gap by bringing true case management functionality to the typical digital forensics process. Many forensics suites have features that they refer to as case management, but their capabilities can only be applied to singular pieces of evidence; there is no “end-to-end” tracking of an investigation. This forces investigators to document cases, notes, evidence, and reporting in general-purpose solutions like OneNote, Excel and SharePoint. For an enterprise function with such specialized, complex and high-priority needs, this simply isn’t good enough.

From our conversations with professionals in the field, we have come to understand that forensics vendors are not interested in building true case management into their products. This leaves some major gaps in the investigation workflow, especially for enterprise-scale organizations. Many of the biggest companies in the world might spend top dollar on their digital forensics investigations labs, but still rely on Excel spreadsheets and other makeshift ways to manage investigations and associated data.

So that’s the niche that D3 fits into: digital forensics case management. As a complement to conventional forensics software, you can leverage D3’s incident response, evidence tracking, reporting, and case management technology to add valuable new capabilities to your digital forensics program.

Bring Artifacts Together

Even in many of the best conventional digital forensics systems, every artifact, or piece of evidence, is handled separately. This means that artifacts are instantly siloed, with a single custodian assigned to each. Considering that major cases might involve hundreds of artifacts, this arbitrary separation of evidence is glaring, and creates headaches for investigators.

You can use D3 to document attributes of digital artifacts and investigations. Related artifacts can be grouped into larger cases and shared between investigators, along with corresponding notes and other relevant information. This capability breaks down the divisions between pieces of an investigation, enables multiple investigators to collaborate on cases, and eliminates the insecure step of managing information in spreadsheets and documents.

Report on Case Management and Forensics Data

Moving digital forensics data into D3 allows you to harness its powerful information management capabilities, which include detailed metrics and reporting. D3 can create reports based on almost any data that is entered into the system, including:

  • Amount of forensics data retrieved and processed
  • Time/date of data retrieved, processed, and accessed
  • Amount of data processed during eDiscovery
  • Person-hours, tool usage, or costs spent on an investigation
  • Cost comparisons (e.g. the cost of internal processes versus external vendors’ rates)
  • Case request sources
  • Overdue cases, tasks, or SLA stipulations

D3’s presentation layer can then be used to display the data visually, through tailored dashboards, charts, graphs, and trend reports.

Track Evidence and Chain-of-Custody

D3 also supports forensics teams by providing provable chain-of-custody for evidence. Any action related to digital evidence is logged in an unalterable audit trail, and granular access controls restrict the data to a knowable subset of employees. Access to physical evidence, such as retained hard drives, can be recorded using unique barcodes that are created and printed natively by D3, and scanned using the D3 app.

D3 Digital Forensics Case Management

Case management is a key component of digital forensics investigations, and with the growing demands of both the enterprise and courtroom, it requires a dedicated solution to get it right. D3 is uniquely capable in this regard, providing organizations with the ability to intake case requests and custodian lists; assign tasks and cases; track physical and digital evidence; and report on forensics processing and chain-of-custody. Not only that, but D3 provides a workflow tool that manages notifications, approvals, and eDiscovery, along with a presentation layer for benchmarking, trend reporting, link analysis, and overall program management. All of this happens within a secure, scalable program that eliminates the need for spreadsheets and upholds the evidentiary-quality data standards that you need.

To learn more about the D3 Digital Forensics Case Management Platform, book a web demo with our solutions experts. They can show you first-hand all of the features we’ve covered in this blog post.

Stan Engelbrecht


Stan is the director of D3’s cybersecurity practice and an accredited CISSP. Stan is involved throughout the product delivery and customer success lifecycle, and takes particular interest in working with customers to configure organization- and industry-tailored solutions. You can find Stan speaking about cybersecurity issues at conferences, in the media, and as the chapter president for a security special interest group.

