This article offers tips for a safe and responsible online investigation.
Imagine that you and your friend, John, are planning to see your favorite band at a concert across the country. When debating the choice to fly or drive, you decide that it's best to travel by car because it saves money and offers sight-seeing opportunities. John, on the other hand, is concerned that you'll both be late for the event and therefore prefers flying. He points out that the roads are unfamiliar, the trip takes longer, and there could be unforeseen delays like weather and traffic. You believe your plan is better than flying, but how do you convince John to accept this plan?
If planning a trip sounds familiar, then you may remember how much research on the Internet you had to do to solidify your plan. This is because the Internet is the fastest and most convenient way to search for information in modern day history. In this example, backing up your plan with research will most likely convince John that driving is better than flying to the concert.
But have you ever deliberately planned a process for the research itself? Do you account for the risks associated with collecting information on the Internet? Not the typical virus or malware - I mean the threats of misinformation, disinformation, and compromise. Even further, do you think about how your virtual activities could appear, or actually be, inappropriate or threatening to other users?
On the surface, planning a trip doesn't sound like you need to go this far. But practitioners of online investigations will argue that these questions are important for safe and responsible research. Think about it - basing your travel plans on information derived from online sources that are foreign, unverified, and/or lacking credibility (or even existence) could have financial implications or even compromise your identity. Having a detailed plan isn't just focusing on Point A to Point B. It's an essential part of guiding your plans.
We'll explore these thoughts using a six-step process that covers all of these risks (and more) to provide a safe and responsible experience during an online investigation: develop a requirement, assemble the team and tools, draft a concept, outline the collection plan, conduct the collection activity, and analyze and share the results.
Step 1: Develop a Requirement
This is common sense, but figure out what you're trying to accomplish and why it's important in less than five minutes. This step ensures that your time and energy are not wasted. Deduce what you know and what you don't know, then focus on what you think you know to generate a requirement. By the end of this step, you should be able to say, "I need to do this in order to do that."
In this case, you know John is currently not convinced about driving and you don't know if John will change his mind about flying. You think that gathering information for both options will provide insight on the opportunities and costs that can potentially convince John about driving. So, you need to research the opportunities and costs associated with driving and flying in order to convince John that driving is the best option.
Step 2: Assemble the Team and Tools
Next, determine which people you need and what equipment you think is necessary to achieve your requirement. I recommend no more than three people per task; too many heads could slow progress. It's also worth considering the qualifications of each person to meet the requirement. The equipment, however, varies depending on the task. Certain state-of-the-art software, tools, and/or licenses (e.g., virtual machines and protocols) may be necessary to complete complex and sensitive tasks (this is common for sophisticated governments and organizations).
Fortunately, for our simple task of planning a trip, you can just ask John to help with the research and make sure your device has basic software protection and a secure Internet connection.
Step 3: Draft a Concept
With the purpose set and the team and tools prepared, you are ready to provide direction. Explain how and when you will meet your requirement in a way that a five-year-old child can understand it. List and prioritize the gaps (things you don't know) that you want to research, assign them as tasks to your team, and provide a timeline with deadlines for each task to maintain focus and progress. Draw out the plan if necessary; the goal is to keep this simple.
Now we can return to our trip to put this in practice. The concept should be centralized around the option of driving (however, John may want to explore the option of flying, in which case this will impact deadlines). Gaps associated with the option of driving are prioritized as follows: the unfamiliar routes, time to drive to and from the event, and possible weather and traffic impacts. Therefore, the investigation will first identify routes that consider amenities like rest stops, gas stations, and lodging areas (speaking of which, it would be wise to investigate the cost for gas and lodging along each route). Then, the investigation will prioritize those routes using time-distance analysis for each destination along its respective route. Finally, the investigation will analyze the weather and traffic patterns in the days leading up to the event along each route. If time allows, the investigation may explore other interesting destinations that could make the trip a better experience. It's safe to plan for both of you to take a day to complete your respective investigations.
Step 4: Outline the Collection Plan
After outlining how you will conduct your investigation, determine the ways and means that you will actually perform each portion of that investigation. This is the most important and complex portion, and one that I've seen most people work through by trial and error. With that said, I limit my tips here to risk management, specifically: managed attribution (concealment against personal affiliation), layering (identity protection), and sourcing (selective collection). Examples include: installing the latest software protection updates; using a virtual machine and private network; disabling browser tools like cookies, tracking history, and recommendations; and accessing secure websites (those served over HTTPS, i.e., Hypertext Transfer Protocol secured with Secure Sockets Layer or Transport Layer Security). The point here is to eliminate as much of a digital trail as possible and be critical about information on the Internet.
Let's finalize planning this trip. You and John install software protection updates to protect against traditional cyber threats and are using a virtual private network to layer your activities. You also both decide to mitigate the risk of possible misinformation and/or disinformation attempts by collecting on websites with a credible domain name (e.g., .gov) and retrieving information from more than three reputable online sources. The retrieved information will not be analyzed immediately; it will be analyzed later to determine quality (level of detail), credibility (reputable sources), and standard deviation (how much it differs from similar information).
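The sourcing rules above can be checked mechanically once collection is done. The sketch below is an added example, not part of the original article: it vets each source for HTTPS and a credible domain, requires more than three distinct sources, and flags values that stray from the rest. The hostnames, drive-time figures, and the 15% threshold are constructed assumptions.

```python
from statistics import median
from urllib.parse import urlsplit

CREDIBLE_SUFFIXES = (".gov",)  # assumption: the article's one example of a credible domain
MIN_SOURCES = 4                # "more than three" reputable sources
MAX_DEVIATION = 0.15           # assumption: flag values more than 15% from the median

# Constructed sample: (source URL, estimated drive time in hours). Hostnames are made up.
SAMPLE = [
    ("https://transport-a.example.gov/route", 31.0),
    ("https://transport-b.example.gov/route", 30.0),
    ("https://transport-c.example.gov/route", 32.0),
    ("https://transport-d.example.gov/route", 45.0),
    ("http://transport-e.example.gov/route", 29.0),         # plain HTTP
    ("https://example.gov@trips.example.com/route", 18.0),  # ".gov" is only the userinfo part
]

def vet_source(url):
    """Return the reasons a source fails the collection plan (empty list = acceptable)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")  # real host, not what the URL looks like
    problems = []
    if parts.scheme != "https":
        problems.append("not served over HTTPS")
    if not any(host.endswith(suffix) for suffix in CREDIBLE_SUFFIXES):
        problems.append("domain not on the credible list")
    return problems

def review(findings):
    """Apply the plan to (url, value) pairs: vet sources, count them, flag deviating values."""
    accepted, rejected = {}, {}
    for url, value in findings:
        problems = vet_source(url)
        if problems:
            rejected[url] = problems
        else:
            host = urlsplit(url).hostname.lower()
            accepted.setdefault(host, value)  # one vote per host, however many pages it has
    mid = median(accepted.values()) if accepted else None
    outliers = sorted(host for host, value in accepted.items()
                      if mid and abs(value - mid) / mid > MAX_DEVIATION)
    return {"accepted": sorted(accepted), "rejected": rejected,
            "enough_sources": len(accepted) >= MIN_SOURCES,
            "median": mid, "outliers": outliers}

if __name__ == "__main__":
    for key, value in review(SAMPLE).items():
        print(key, "->", value)
```

A flagged outlier is a prompt to re-check that source during the later analysis, not proof that it is wrong.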
Step 5: Conduct the Collection Activity
At this point you are ready to start gathering information for your investigation. However, this step emphasizes expectation management. Mike Tyson said it best: "Everyone has a plan, until they get punched in the mouth." Simply put, do not expect the investigation to go according to plan. Reality has a way of introducing elements that may cause you and/or your team to deviate from the plan. If and when this happens, remember that the plan is a guide that should change as the investigation progresses.
It's possible that you or John could conclude your investigation prematurely, but try not to drag it on too long. The point is that you want to convince John to adopt your plan, so if you found compelling evidence that meets this end state, then there's no reason to proceed with the rest of the plan.
Step 6: Analyze and Share the Results
Conclude the investigation by taking all evidence and material that can be used to make a decision. Information that has quality, credibility, and comparability is most valuable and should be prioritized. Unless the investigation must be on paper for a sophisticated organization or business, it may be sufficient to simply speak about the results. Compare all other results to yours to paint a holistic picture of the situation. Whatever the decision may be, it's best to log and share everything you've done in your investigation for future reference.
By following your plan and compiling enough information to support your previous recommendation that driving is the better option, John will likely be more comfortable with the idea of driving. I'll leave it up to your imagination whether you both drive or fly, but either way you should have an idea how to be more astute when conducting an online investigation.
To close, I draw attention back to the title of this article: Tips for Online Investigations. There's no way to nail this process down to a science, but it can deliver results. I encourage you to try it out and see what works and what doesn't, then build your own process that fits your style. It's a fascinating practice that is versatile for both professional and personal endeavors. Just remember to be safe and responsible.