Extract from Justin Tolman’s article “Key Strategies for Balancing Investigation Time and Quality”
Digital Forensic Investigators face an ever-increasing number of cases, consisting of devices storing an increasing amount of data. Unfortunately, the number of hours in the day has remained the same. ‘Being busy’ is no excuse for reducing the quality of work when performing digital examinations.
In a recent episode of FTK Over the Air Podcast, Brett Shavers, former investigator and author of the book, DFIR Investigative Mindset, Placing the Suspect Behind the Keyboard Volume 2, shared some tips with me on balancing quality of work and time. While the word “suspect” may imply a law enforcement perspective on investigations, it is not just law enforcement that is carrying heavy caseloads.
Historically, the primary focus of corporate Incident Response teams has been to stop the breach and return to “normal”. Updated CISA and NIST standards for Incident Response playbooks and frameworks now include requirements for forensic investigations to be conducted. This will likely increase the workload on corporate forensic teams. Balancing time during an investigation is a crucial skill regardless of industry.