Out of curiosity how long does everyone spend on a case?
If you are willing to disclose the following it would be appreciated(ballpark figures are good enough)
Longest amount of time spent on a case
Number of systems involved in the above
Cost to client of analysis
Shortest amount of time spent on a case
Number of systems involved in the above
Cost to client of analysis
Average amount of time spent on a case
Average number of systems involved in cases
Cost to client of analysis
An easy case with 1x 80 Gb home computer where the allegation is child abuse and there are a good quantity of (and with no attempt to hide) images, internet usage etc will take about 4 to 5 working days from reception through imaging, examination, production of exhibits and statements etc.
Longest time spent on a case was 8 months doing one computer that was being used to run a home based website selling illegal drugs worldwide and that led to the recovery of 1.2 million "deleted" webpages from unallocated apart from all the other evidence from e mails, stock sheets, FTP etc. Statement was 700 plus pages long and I eventually produced over 500,000 exhibits.
Average size job now in relation to home based computers i would estimate is at least two computers with at least 250Gb of hard Drive and these are normally accompanied by anything from a few dozen to a few thousand CD, DVD etc.
As for cost - As I am LE I will do them for nothing!!!!!!!!!!!
I'm a private agency and so a little different. Often I will represent the defence who are asking particular questions regarding statements made by the prosecution expert. In those cases I many only need a day looking at the evidence.
Otherwise I would agree generally with Mark however I would likely take an average of 3/4 days for his first example.
Also it is worth mentioning that you may return to a case over weeks or months. I may do an initial investigation but then the defendant makes certain comments that sends us back to the data. Sometimes this even happens during the Court case. So from having the drive in your hand through to closing the case may be months for even a simple job.
Cheers
Nick
Good question. I work in a team of 5, the cases we work on tend to be insider corporate mischeif. You know, when someone is offloading corporate secrets to a home PC for example.
A case like that takes about a month to complete. Time is spent defining the scope of the case. Corporations tend to "know" they are up to something but don't know exactly what.
Once the scope is deifned, it's a matter of sitting back and watching until you have enough solid evidence. Usually 1-2 weeks if they are active.
Once everyone is satisfied, then the employee is charged and terminated, the computer seized, and the process is straight forward from there. Another week.
Report writing is mostly canned for us as we have done many of these cases. If not, then add another 1 to 2 weeks.
thanks for the responses. The reason I had asked was because I just finished an incident that involved 12 systems and took roughly 500 "man hours" to complete and I was attempting to get a feel for how efficient our process is.