Case management

In digital investigations, the effective organization and management of cases are imperative. As a digital investigator, you focus on documenting incidents, and Colander serves as a comprehensive platform to streamline and document investigative efforts. This document explains how to use Colander to organize and manage digital investigation cases.

Overview

Case management is the overarching framework that organizes and oversees the entire digital investigation process, from the initial identification of a potential crime or incident to the final report and resolution. It serves as a central hub for coordinating all aspects of the investigation, ensuring that the investigation is conducted effectively and efficiently.

Case folders

Comprehensive and well-structured case files serve as the backbone of any digital investigation. They should contain detailed information about the investigation, including the nature of the incident, relevant case documents, witness statements, electronic evidence, and any other relevant data. In Colander, everything is organized in cases. A case is defined by a name, a description, and its confidentiality levels: TLP (Traffic Light Protocol) and PAP (Permissible Actions Protocol).

Overview of the case creation form

Timeline/Chronology

Establishing a clear and accurate timeline of events is crucial for understanding the sequence of actions taken and identifying potential patterns or relationships. This timeline should be built from various sources of information, including witness statements, electronic evidence, and communication logs. Among other types of entities, Colander lets you describe events of different types, which are then organized in a timeline. An event can relate to actions performed on the case it belongs to, or to any other entity.

Overview of the event timeline

Collaboration

Effective communication and collaboration are essential for ensuring that all parties involved in the investigation are aware of the latest developments, that progress is tracked, and that potential roadblocks or issues are promptly addressed. This includes sharing relevant information across departments and facilitating communication between investigators, legal teams, and other stakeholders. In Colander, cases and their entire content can be shared with multiple teams of contributors. Only the owner of a team can invite new collaborators. To do so, the owner has to ask each user for their contributor ID. This way, users can refuse to be added to a given team.

Overview of team management