The area of computer forensics is complex and requires advanced knowledge and experience. To be successful, law enforcement agencies need up-to-date computer forensics examiners. It comes at no surprise that the pool of qualified candidates is limited because these candidates must be highly trained specialists, possess detective and technical skills, including knowledge of various IT hardware, software and forensics tools. Add to that the increase in number of crimes that involves computers, and we have a problem on had that every law enforcement agency has on hands – how to manage limited resources of a forensics lab, what cases should they prioritize, and what determines the priority.
Scope, time and cost are the triple constraints of any project management situation. Scope and cost/time typically have an inverse relationship. If more tasks in a project need to be completed, that requires more input in time and cost. In most forensics cases, your scope is determined by either a warrant or a directive from an investigation team lead. In order to properly leverage limited human resources, it is important to communicate proactively to determine what cases are more urgent. This approach might not be the most effective, as, sometimes, these decisions might be political in nature, but it ensures that law enforcement management sees forensics lab as a valuable resources that can deliver results. That in turn, provides an increased opportunity to request or maintain an appropriate amount of resources.
In addition, the full power of technology must be utilized. Automation must become the motto of the forensics team. Various searches, hard drive imaging, data reconstitution, all these tasks could be automated which frees up the resources of a forensics lab.
Finally, bureaucracy must be fought viciously. Tasks like, managing paperwork, which includes rendering useless reports and having zero value adding bureaucratic procedures must be eliminated. All of the internal document flows must be either automated, moved to digital or removed if no value added.
It is no easy task to manage limited resources, especially when it comes to law enforcement, because decisions you make may impact people’s lives, matters of justice, who roams free or who might go to jail. Therefore, project management, especially when it comes to forensic investigations, must be given careful consideration.
With that, I am curious, if anyone has a different prospective on managing scope and time of forensic investigations. Think of this, if you strictly stick with the narrow scope of a directive, a forensic investigator might not discover what they were looking for. However, if scope were to be expanded, may be evidence of a different or related crime could have been found.