By Cynthia Hetherington

Do you have laser-like focus? Are you effective in communicating with clients? Diving deep to find the needle in that haystack? Able to absorb volumes of information, discern the facts, and write them in an orderly fashion? Does the old adage, “God gave us one mouth and two ears” speak to you? These are all traits required of a successful investigator. Before you set to work on any cyber investigation, you may need to learn how to CRAWL: Communicate, Research, Analyze, Write, and Listen.

CRAWL allows investigators to implement a foundational approach for receiving new projects, reporting their findings, and transcending their competitors in customer-service response. Good investigators say that research is the most important step. Successful investigators say that analysis and good report writing can be very profitable. Great investigators know it is all in communicating with their clients, with an emphasis on listening. A solid investigator who is profitable, well-respected, and seeking steady work needs all five components.

Veteran investigators know that there are specialists in certain fields of research. Some fields of specialization are arson, surveillance, business backgrounds, organized crime, matrimonial, defense, and legal. As varied as these fields are, these experts all utilize the fundamentals of CRAWLing. CRAWLing demands skills beyond the investigator’s specialization.

CRAWLing is the business model for investigators, just as the scientific method is a constant for scientists.

Without a fundamental application of the principles of CRAWL, an investigator may have a short career, because she or he will not see return business, will become frustrated over inconsistent reports, and will not understand why the phone is not ringing. In this 6-part blog series, I will teach newbies how to CRAWL and help seasoned investigators refine their skills.

Last week we focused on Analysis. This week we explore how to Write your report.

The Basics of a Writing a Report

Creating a written report for your client should be done according to the expectations that were established when the project was assigned. Basic ingredients of your report are a restating of the objective, the results of your investigation, and your recommendations, if any. Investigators should also consider adding their search techniques, disclaimers, and the always important contact information.

While there are many styles used to write reports, using a format that is simple, clean, and professional is a definite must. An excellent reference for report writing is what I have called my “go to guide” since college – The Publication Manual of the American Psychological Association, aka APA Style Manual. Although using this reference may seem like overkill for some reports, keep in mind the report could be read by attorneys and judges. By using a format commonly used in graduate schools, your client will understand the style and appreciate the attention to detail.

Clients may also request a visual presentation be prepared to be shared with an audience. This is primarily done using Microsoft PowerPoint. Using PowerPoint allows you to hit the key points of your investigation and avoid much of the laborious detail that sometimes fills pages. Even if you use a presentation tool, I always recommend following it up with a written report and a PDF of PowerPoint your presentation.

Remember When Writing:

  • Be clear, concise, and use proper grammar.
  • Be wary of using nebulous words like comprehensive, complete, and conclusive.
  • Stick to a standardized, minimal set of fonts. Getting too fancy is distracting. If a report is reformatted on the client’s computer and fonts are substituted, the report could look quite different from what you intended.
  • Indicate what task is pending and make recommendations, if warranted.

Disclaimer for Database Errors

Sometimes databases and online sources make mistakes, or the details cannot be verified. In the footer, on the last page of all my reports, I add the following statement to protect myself against errors and omissions that occur from badly obtained data:

Information is obtained from a multitude of databases, records-keeping systems, and other sources, of which [Company Name] and/or its suppliers have no control These are fallible, electronic and human sources. There can be absolutely no warranty expressed or implied as to the accuracy, completeness, timeliness, or availability of the records listed, nor to the fitness for the purpose of the recipient of such records or reports. Information provided may be limited or not totally current. There is absolutely no guarantee that the information exclusively pertains to the search criteria information, which was submitted by the requesting party.

Your reports have serious implications in the business world and the personal lives of people you investigate. Yet, as investigators we rely heavily on the database services we use, and albeit we try to discern and verify every last detail, no system, database or analysis is ever 100%.

Be sure to check back next week, when I discuss Listening!

Are you an analyst or investigator looking for introductory training on conducting OSINT investigations? If so, check out Hg’s August special webinar training package: Online Social Media Primer Series.  This introductory primer series will teach you why to use these platforms, how to get into them, where to look, what nuances and leads you need to chase down, and how they are all interrelated. We’ll also discuss how to capture content per service, so you can present it in your reports.

 

With over twenty-five years of global experience in open source investigations and one of the first investigative firms to conduct online social media investigations, Hetherington Group develops advanced cyber investigations unique to your needs. Learn how Hg’s analysts can clear through jargon and uncover answers buried deep in open sources, social media pages, and Dark Web sites.

 

Cynthia Hetherington, MLS, MSM, CFE, CII is the founder and president of Hetherington Group, a consulting, publishing, and training firm that leads in due diligence, corporate intelligence, and cyber investigations by keeping pace with the latest security threats and assessments. She has authored three books on how to conduct investigations, is the publisher of the newsletter, Data2know: Internet and Online Intelligence, and annually trains thousands of investigators, security professionals, attorneys, accountants, auditors, military intelligence professionals, and federal, state, and local agencies on best practices in the public and private sectors.