I've been playing with mind mapping software lately, mostly using the wonderfully open source freemind. I'm definitely not the first one to consider using this for forensic analysis, but hopefully I can help spread the meme and help us all organize our thoughts.
Just for fun, here's a sample starting point for a fake embezzlement case if you've not seen a mind map before:
Image 1: Basic Mind Map
I've posted it here in case it's easier to start with a template.
Nothing but the facts right? Now the beauty isn't it's complexity, it's the dynamic nature of the tool allowing you the freedom to think of something, jot it down immediately, categorize it later and avoid the dreaded 2 a.m. wake up because you forgot something. You hover over a node, press insert, type and you are done. Drag it wherever you like, if it's in the wrong spot/category. Freemind doesn't offer timeline templates, however, Matchware does, which is especially useful for forensics.
Here's another expansion of the same template with some detail as we learn more about our case:
Image 2: After we've learned a bit more
Finally let's imagine that we've stumbled upon some key bit of information. Simple copy/paste adds it to our map:
Image 3: After we've learned a bit more
And we've got something we could even show a client, get their feedback on, add new branches, etc. Give it a go!
Jeff Bryner , GCFA Gold #137, also holds the CISSP and GCIH certifications, occasionally teaches for SANS and performs forensics, intrusion analysis, and security architecture work on a daily basis. He just re-upped on GCFA *and* GCIH and may actually now flirt with free time rather than ogle it from across the street.
.png "Anastasia Sentsova")
