Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,210 --> 00:00:04,620 In this video, we're talking about handling data in dealing with informational overload. 2 00:00:05,790 --> 00:00:12,930 Now when you're running a health investigation, someone is most likely tasking you with running that 3 00:00:12,930 --> 00:00:13,770 investigation. 4 00:00:14,160 --> 00:00:17,490 So if that's the case, you'll probably want to get a few things in place. 5 00:00:18,530 --> 00:00:23,590 One, you want to get the contact information for whoever you need to deal with, whoever you need, 6 00:00:23,600 --> 00:00:26,030 update or hand over your report to. 7 00:00:26,870 --> 00:00:29,060 You also want to find out what the scope of work is. 8 00:00:30,240 --> 00:00:37,470 You want to see what was considered out of scope, especially things like those investigations tend 9 00:00:37,470 --> 00:00:41,730 to be very private, very confidential. 10 00:00:41,730 --> 00:00:44,880 So you do want to find out what's going to be outside that scope. 11 00:00:44,880 --> 00:00:47,790 And so that way you get a better idea of. 12 00:00:49,090 --> 00:00:57,370 How you need to frame your your investigation and not violate anything, whether it's legal or if it's 13 00:00:57,640 --> 00:00:59,650 work related or anything else. 14 00:01:00,880 --> 00:01:05,620 You want to find out if there's any special considerations you need to take in taking into account for, 15 00:01:06,190 --> 00:01:08,560 you want to see what the timeline is that way, you know? 16 00:01:09,550 --> 00:01:13,540 How quickly you need move on this or how thoroughly you can, you're able to be on it. 17 00:01:14,230 --> 00:01:17,080 You won't find out any special data retention requests. 18 00:01:17,080 --> 00:01:19,640 Things like does the data have to be encrypted? 19 00:01:19,660 --> 00:01:23,350 Do you need to file shredded afterwards things of that nature? 20 00:01:24,070 --> 00:01:31,330 You also want to find out or actually get in writing whether to email a letter type, what not. 21 00:01:32,780 --> 00:01:34,340 The entire scope of this work. 22 00:01:35,570 --> 00:01:37,400 There's a few reasons for that one. 23 00:01:37,940 --> 00:01:40,460 It makes it easier to actually have it in writing. 24 00:01:40,490 --> 00:01:47,150 In most cases, that way, you can go back and reference it and also it helps liability on both sides. 25 00:01:47,780 --> 00:01:53,030 If something goes wrong, you could point to, well, this is a scope of work that you gave me, and 26 00:01:53,030 --> 00:01:54,170 I stayed within the scope. 27 00:01:54,380 --> 00:02:00,830 Likewise, it works in favor of the employer or whoever's asking you from the investigation also to 28 00:02:00,830 --> 00:02:02,990 make sure that you do stay in that scope of work. 29 00:02:06,110 --> 00:02:10,460 So when it comes to data collection, you're going to be collecting a lot of different information during 30 00:02:10,460 --> 00:02:13,760 your investigation and most likely to collect a lot of things. 31 00:02:13,850 --> 00:02:19,700 These things like names, addresses, email addresses, phone numbers, social media posts, photos, 32 00:02:19,700 --> 00:02:22,010 text homes, passwords, et cetera. 33 00:02:22,820 --> 00:02:28,820 The amount of data you can collect can easily become overwhelming, especially when you're starting 34 00:02:28,820 --> 00:02:29,180 out. 35 00:02:31,300 --> 00:02:36,220 The uncertainty of what to keep and want to get rid of can also be pretty stressful. 36 00:02:37,350 --> 00:02:39,000 So how do we handle this? 37 00:02:39,030 --> 00:02:44,910 Well, there's a few tips in order to keep calm, and this is what I tend to do so. 38 00:02:46,030 --> 00:02:51,100 When I collect information, I first make sure that it's going to be within the scope of work. 39 00:02:52,050 --> 00:02:57,450 Anything and everything that may fall into that scope, I could I go ahead and collect? 40 00:02:57,750 --> 00:03:03,720 Once I get that information, I break it out in different sections phone numbers, names, social media 41 00:03:03,720 --> 00:03:06,390 posts, photos, whatnot. 42 00:03:07,500 --> 00:03:13,620 It helps breaking that information out, it helps consolidate down, and also when you're going back 43 00:03:13,620 --> 00:03:16,770 and reference in the information, it makes a little bit easier. 44 00:03:16,770 --> 00:03:20,310 You're not looking at a big jumble of information and trying to sort through it. 45 00:03:20,700 --> 00:03:25,200 No one's broken up into smaller sections say, Well, I need to get to the phone numbers. 46 00:03:25,210 --> 00:03:29,010 Let me check the phone numbers while I have it in this container right there. 47 00:03:29,100 --> 00:03:31,260 Listen names, friends, associates, whatnot. 48 00:03:31,260 --> 00:03:36,180 OK, I have that in this container I can look through there in it makes indexing it a lot quicker. 49 00:03:37,350 --> 00:03:43,650 And once I had my initial data, look at the scope work and determine what my next move is, if the 50 00:03:43,650 --> 00:03:46,700 job is done, if I see a Twitter user does it. 51 00:03:47,610 --> 00:03:50,070 I'll take a look at the the name. 52 00:03:50,460 --> 00:03:52,050 Is there a name associated in there? 53 00:03:52,170 --> 00:03:54,000 I'll take a look at their friends to their friends. 54 00:03:54,000 --> 00:03:56,140 Have give up a location or a name. 55 00:03:56,760 --> 00:03:58,560 Did they give orders or photos? 56 00:03:58,560 --> 00:04:01,290 I could pull the geo location off of things like that. 57 00:04:01,530 --> 00:04:07,920 So once you have your data, at least initial data and you started going through it and you review your 58 00:04:07,920 --> 00:04:12,510 scope of work, you can kind of figure out what your next move is going to be and kind of splinter off 59 00:04:12,510 --> 00:04:13,110 from there. 60 00:04:16,060 --> 00:04:18,430 So additional data handling considerations. 61 00:04:18,910 --> 00:04:23,560 You want to keep your investigation and data isolate to your virtual machine. 62 00:04:23,590 --> 00:04:25,090 No, there's a few reasons for that. 63 00:04:26,260 --> 00:04:31,930 Having your information isolate your virtual machine one, you can make sure your virtual machine is 64 00:04:31,930 --> 00:04:38,410 clean by reverting back to the snapshot before you do your investigation to if you make a backup of 65 00:04:38,410 --> 00:04:38,890 the VA. 66 00:04:40,000 --> 00:04:40,810 Anything happens. 67 00:04:40,810 --> 00:04:45,910 You can always you always have that backup and purity of that information. 68 00:04:46,960 --> 00:04:51,100 Also, it's easier to just go and encrypt that VM or if you're. 69 00:04:52,490 --> 00:04:57,200 Handing over the information information, you could make a copy of that volume through a USB drive 70 00:04:57,200 --> 00:04:57,860 for your client. 71 00:04:59,580 --> 00:05:02,340 You want it if you need to keep the operation secure. 72 00:05:02,370 --> 00:05:06,030 Consider encrypting your data in the VM, you can do things like. 73 00:05:07,630 --> 00:05:11,810 A number of data encryption options, encrypted small drive on on that. 74 00:05:12,860 --> 00:05:18,410 That way, if something have served him against compromise, your computer gets stolen whatnot, that 75 00:05:18,410 --> 00:05:19,730 information's encrypted. 76 00:05:20,090 --> 00:05:23,150 Likewise, you could encrypt the entire VM. 77 00:05:24,830 --> 00:05:31,430 I tried that a couple of times I have run into issues personally, but if if you're dealing with a lot 78 00:05:31,430 --> 00:05:33,050 of stuff, you might just want to encrypt the data. 79 00:05:33,050 --> 00:05:39,530 But again, if you're if you're need that extra layer security, you could always change the password 80 00:05:39,530 --> 00:05:45,170 default password on your VM for Trace Labs, the one that we're using here or whatever volume that you're 81 00:05:45,170 --> 00:05:45,680 using. 82 00:05:46,280 --> 00:05:48,320 And I do recommend doing that anyways. 83 00:05:49,550 --> 00:05:51,410 That's just an extra layer security. 84 00:05:52,330 --> 00:05:57,640 Also, depending on your scope of work, you may be working with a no contact investigation. 85 00:05:58,680 --> 00:06:01,260 Things like do not contact the target directly. 86 00:06:01,470 --> 00:06:09,330 Do not contact Target's friends or family, but things like do not send a password reset for, say, 87 00:06:09,330 --> 00:06:11,930 Facebook because it might alert the target. 88 00:06:11,940 --> 00:06:14,970 You need to pay special attention to these types of requests. 89 00:06:16,130 --> 00:06:21,710 And unless expressly allowed, do not share specific information about your investigation with anyone 90 00:06:21,710 --> 00:06:25,430 outside of the investigation group before, during or even after. 91 00:06:26,440 --> 00:06:30,460 Depending on what your investigation is, it's most likely going to be. 92 00:06:31,490 --> 00:06:36,620 Things are of a sensitive nature, and it could either tip people off, it could, it could hurt. 93 00:06:37,500 --> 00:06:38,880 Potentially hurt people. 94 00:06:40,440 --> 00:06:42,370 You may potentially become a target. 95 00:06:42,400 --> 00:06:43,250 What not you? 96 00:06:43,920 --> 00:06:45,540 And it also could be a legal issue. 97 00:06:45,540 --> 00:06:52,890 So my recommendation is don't share information about that investigation unless specifically are expressly 98 00:06:52,890 --> 00:06:53,460 allowed. 99 00:06:55,640 --> 00:07:00,620 So this was about data retention and handling data and trying not to get overloaded. 100 00:07:01,220 --> 00:07:02,060 Thank you for watching. 101 00:07:02,090 --> 00:07:03,020 We'll see you next VIDEO. 10208