Devising the Abstraction Processes for Information Processing in Digital Investigations

Overview

Michel Fiola's employment was terminated and the individual faced criminal charges when illicit activity and material were identified and located on his workplace system.

Materials

Task: Abstraction processes

Figure 1 illustrates further development of the cognitive model. Pairs should now consider the abstraction or bottom-up processes that support investigators in progressing from External Data Sources to Presentation.

Pairs have been given the initial abstraction process of Search and Filter, where investigators may use keyword analysis and timestamps to consider only data pertinent to the investigation and discard the rest. Pairs have also been given the final abstraction process of Tell Story, where the investigator presents their findings or narrative, based on evidence, to the court or panel.

Figure 1: Abstraction processes that support progression through the cognitive steps.

Pairs have been provided with a log file that is a timeline of activity drawn from the laptop discussed in the case. The log file represents an external data source.
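The Search and Filter process applied to a timeline log, as an added example that is not part of the original activity materials. The record layout (`ISO timestamp | source | detail`), the sample lines, the keywords and the time window are all constructed assumptions; the function name `search_and_filter` is hypothetical.

```python
from datetime import datetime

# Constructed sample timeline (not data from the case). The record layout
# "ISO timestamp | source | detail" is an assumption for this example.
SAMPLE_TIMELINE = """\
2024-01-10T09:02:11 | logon | user session started
2024-01-10T09:15:40 | browser | visited intranet/timesheet
2024-01-10T22:47:03 | browser | downloaded archive.zip from external host
not-a-timestamp | browser | corrupted record
2024-01-11T02:13:55 | filesystem | created C:/temp/archive/img001.jpg
2024-01-11T10:30:00 | email | sent archive of weekly reports
"""

def search_and_filter(text, keywords, start, end):
    """Split a timeline into kept, discarded and unparsed records.

    A record is kept when its timestamp lies in [start, end] and its detail
    contains any keyword (case-insensitive). Every record carries its source
    line number so a finding can be traced back to the external data source.
    """
    keywords = [k.lower() for k in keywords]
    kept, discarded, unparsed = [], [], []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split("|", 2)]
        try:
            if len(fields) != 3:
                raise ValueError("expected three fields")
            when = datetime.fromisoformat(fields[0])
        except ValueError:
            # Never drop damaged records silently: queue them for manual review.
            unparsed.append((line_no, line))
            continue
        record = {"line": line_no, "time": when, "source": fields[1], "detail": fields[2]}
        in_window = start <= when <= end
        keyword_hit = any(k in record["detail"].lower() for k in keywords)
        (kept if in_window and keyword_hit else discarded).append(record)
    return kept, discarded, unparsed

if __name__ == "__main__":
    kept, discarded, unparsed = search_and_filter(
        SAMPLE_TIMELINE, ["archive", "download"],
        datetime(2024, 1, 10, 18, 0), datetime(2024, 1, 11, 6, 0))
    for r in kept:
        print(r["line"], r["time"].isoformat(), r["source"], r["detail"])
    print(f"kept={len(kept)} discarded={len(discarded)} unparsed={len(unparsed)}")
```

Returning the discarded and unparsed records alongside the kept ones lets the investigator account for every line of the source when the filter criteria are later questioned.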

Pairs are required to (1) determine a narrative of the criminal activity, if any, performed by the individual and (2) devise at least THREE key abstraction processes. The three processes complement the two already provided, in supporting investigators to progress from External Data Sources to the final Presentation.

Pairs should:

  1. Consider log file one [10 minutes]. One of the partners should consider the first log file from the case. The log file contains salient data points gleaned from a hard disk from the case study. The partner considering the log file is required to formulate an initial narrative of the suspected criminal behaviour of the former employee. The partner should think aloud the actions and steps they are taking.

  2. Support, encourage and identify [10 minutes]. The other partner should act as coach and monitor the partner considering the log. The coach should support and encourage the partner, for example by praising them when they make a useful insight and correcting them if they make a mistake. The coach should also identify the abstraction processes that the partner is performing in considering the data and progressing towards their narrative. The coach should note down the potential abstraction processes on the sticky notes or index cards provided.

  3. Consolidate abstraction process [5 minutes]. The pair should now consolidate the potential abstraction processes into no more than THREE processes that fit within the current model.

  4. Document [3 minutes]. Pairs should produce a THREE minute presentation, one minute articulating and providing justification for each of the abstraction processes.