WEBVTT

00:01.380 --> 00:07.380
In this video, we're going to be talking about handling data and dealing with informational overload.

00:08.670 --> 00:15.180
So during your own investigations, you're probably going to end up with a whole lot of data, data

00:15.180 --> 00:19.890
that you're going to use, data that you need to organize, data that you're not going to use.

00:20.070 --> 00:22.680
So these are going to be some tips on how to organize.

00:22.680 --> 00:27.870
It's stuff that you want to collect and kind of how to not get overwhelmed by it.

00:28.230 --> 00:33.390
So things that we're typically looking for in an OSINT investigation is contact information.

00:33.390 --> 00:37.980
We want to know the scope of work, what is considered out of scope.

00:37.980 --> 00:43.140
This is all going to be stuff for when you're being contracted for an OSINT investigation or you're being

00:43.140 --> 00:45.510
asked to perform an OSINT investigation.

00:45.510 --> 00:49.620
You want that contact information so you know well who to contact.

00:49.620 --> 00:54.630
If there's a question or problem, or when you finish, you want to know what's in the scope of work,

00:54.630 --> 01:01.500
what they expect you to do, what is considered out of scope, things like, well, can I, can I send

01:01.500 --> 01:08.370
a password reset request to, say, Facebook or social media to find out if they have an account there?

01:09.150 --> 01:14.250
Are there any special considerations you need to have things like, well, there always needs to be

01:14.250 --> 01:18.530
a VPN, I have to do this on a non-personal computer, etc.

01:18.540 --> 01:21.540
Is there a timeline that you need to get this done by?

01:22.050 --> 01:27.660
Are there special data retention requests, things like: do the files need to be encrypted?

01:27.690 --> 01:35.430
Do you need to shred the files after the fact, etc. and informational get the information in

01:35.430 --> 01:41.730
writing in either an email or a letter, something where you could refer back to if there's a question,

01:41.730 --> 01:43.980
if there's a problem or whatnot.

01:43.980 --> 01:45.480
You want that information.

01:45.480 --> 01:46.950
All of this in writing.

01:48.040 --> 01:50.260
It protects both you and the client.

01:52.100 --> 01:57.260
So data collection during the investigation, you're likely again to collect a large amount of data.

01:57.560 --> 02:02.780
This data can include things like names, addresses, email addresses, phone numbers, social media

02:02.780 --> 02:06.760
posts, photos, text stems, passwords, etc.

02:06.770 --> 02:10.760
And again, getting all this information can be really overwhelming.

02:10.760 --> 02:14.210
You can get overwhelmed pretty easily and that's pretty common.

02:14.540 --> 02:15.500
So.

02:17.450 --> 02:24.650
What you want to do is things the uncertainty of what you keep and don't want to keep.

02:25.340 --> 02:27.170
Again, that can be really stressful.

02:28.210 --> 02:32.440
So first, first and foremost, I know it's easy to say, but try to keep calm.

02:35.040 --> 02:38.160
Try to collect information that's within the scope of work.

02:38.190 --> 02:43.080
Anything and everything may fall into the scope of stuff that you're collecting.

02:43.080 --> 02:43.520
So.

02:43.830 --> 02:50.610
So for me personally, I tend to collect everything initially unless I know it's out of scope and then

02:50.610 --> 02:52.470
we can kind of break it up from there.

02:53.310 --> 02:59.370
Once that information is broken down into sections, we can break down things like phone numbers, names,

02:59.670 --> 03:02.010
places, dates, etc.

03:03.000 --> 03:09.030
So and again, once I have that initial data, I'll take a look at it again, see if it's in scope or

03:09.030 --> 03:09.960
out of scope.

03:10.260 --> 03:16.770
And if the job is to, say, identify a Twitter user, does any of the information have a name?

03:17.370 --> 03:19.620
If it has a name, I'll look at their friends.

03:19.620 --> 03:24.510
Do their friends give a location or a name or other information that I'm interested in, things like

03:24.510 --> 03:24.870
that.

03:24.870 --> 03:28.860
And we'll be kind of walking through this again to later in the course.

03:30.630 --> 03:32.610
So additional considerations.

03:32.610 --> 03:37.320
Keep your investigations and data isolated to your virtual machine.

03:37.410 --> 03:43.550
So if you need to keep your up, your operation secure, consider encrypting your data in your VM,

03:43.560 --> 03:48.570
things like KeePass for your passwords.

03:48.570 --> 03:52.110
And there's VeraCrypt for encrypting the data, things like that.

03:52.530 --> 03:56.900
Depending on your scope of work, you may be working in a no contact investigation.

03:56.910 --> 04:03.060
In other words, don't you are not allowed to directly contact your target or your target's friends,

04:03.060 --> 04:07.060
family, etc. You want to pay special attention to this.

04:07.080 --> 04:11.220
Again, you don't want to break your contract and also you don't want to.

04:11.580 --> 04:18.900
Typically those things are there for well, you don't want to spook the target or whatnot unless you're

04:18.900 --> 04:20.040
expressly allowed.

04:20.040 --> 04:24.630
Do not share specific information about your investigation with anyone outside of the investigation

04:24.630 --> 04:27.170
group before, during or after the event.

04:27.180 --> 04:32.580
Again, you want to make sure when you're dealing with those investigation for someone that you want

04:32.580 --> 04:35.580
to find out what you're allowed and not allowed to do.

04:36.750 --> 04:39.750
So these are some considerations with handling data.

04:40.170 --> 04:41.040
Hopefully it helped.

04:41.040 --> 04:46.230
If you have questions or problems, let me know and I'll do my best to address it.

04:46.320 --> 04:47.530
Thank you for watching.

04:47.550 --> 04:48.510
I'll see you next video.
