INVESTIGATION CATALYST
INCIDENT INVESTIGATION SUPPORT

© 2004-2007 by Starline Software Ltd.

DOCUMENT INCIDENT DATA

This section reviews how Investigation Catalyst can be used to support documentation needs originating with the incident investigation. The tutorial assumes the user knows how Investigation Catalyst software works, and how to do investigations. Detailed guidance for performing the major investigation tasks is provided in Investigation Guides on the application distribution disk.

Aside from an organization's administrative documentation needs, investigators need to document data about the incident and its investigation such as:
  • administrative data about the investigation,
  • the sources of data acquired and used during the investigations,
  • a description of the behaviors that produced the outcome of interest,
  • the relationships among those behaviors,
  • any analyses of the description that identified problems or options to address those problems,
  • any evaluations or ratings or rankings of the options, and
  • the relevant attributes of any actors involved in the incident (record in an attachment to report).

Administrative Data

Investigation Catalyst stores and retrieves its application files in the project folder, which also contains other digitized data about the investigation project. The TOOLS > MATRIX PROPERTIES menu provides a panel for entering the investigator name, the investigation project identifier, and the creation date for each new Matrix. Other administrative data, such as time, expense, contact and supplies records, should be maintained in the organization's customary files.

Behaviors

Investigation Catalyst uses Event Blocks to record the actions or behaviors that produced the outcome of interest. The EB format requires investigators to transform any observed data into the actor/action format, to minimize use of incompatible entries, and ambiguous or abstract descriptions. It enables investigators to quickly capture, organize and display the actions sequentially, to show their flow during the incident.

The documentation of the EBs on the Matrix supports investigators' efforts to identify gaps in their understanding of what happened, and to determine what additional data to seek. It also supports their development of hypothetical events that might fill the gaps, permitting the testing of the logic of the hypotheses before investing resources in a chase for data to prove illogical fillers.

The Import function enables more than one investigator to work on a case, and combine their Matrixes in a single file, which contains all their inputs on one Matrix.

The Inspector panel displays all the contents of the EBs, comments and Diamonds, and permits editing of all the elements of the object. Any displayed text in an object on the Matrix can be readily

Interactions

Investigation Catalyst uses arrows to link interactions on the Matrix during the incident. Two or more events with a logical input/output relationship are linked with arrows, making the relationship visible to everyone with access to the Matrix. These links can be tentative, while the investigation progresses, or confirmed when the data justify that action.

The shape of the arrows tells the investigator at a glance their current status. A dashed arrow represents a tentative link. An arrow with a solid line and white arrow head indicates a confirmed input/output link. An arrow with a solid line and black arrow head indicates a confirmed link that has passed the Necessary and Sufficient logic test for completeness. When the status changes, the Inspector Panel provides access to any link for editing.

Data Sources

Investigation Catalyst provides for entry of the source data used in each Event Block on the matrix, to try to minimize unsupported EBs and ensure a record of the basis for each Matrix entry. One or more sources can be entered; multiple sources, separated by commas, are more persuasive, but are not required.

The source Glossary captures all new Sources entered when EBs are created. A list of sources used in a Matrix can be displayed or printed to help with source quality assurance and inventorying tasks.

Analyses

Investigation Catalyst uses two Matrix views for analyses. The Matrix View displays EBs as uniform blocks able to display all the EB data entered for all the EBs, and their links, with comments and Diamond tags. The Overlap View displays the EB action and date/time data for selected EBs, as parallel bars whose length is proportional to the duration of the action. The Matrix View is used to array and analyze the EBs for relationships, completeness and potential problems or opportunities for improvement. The Overlap View is used to analyze the interactions during concurrent or overlapping actions for potential problems or opportunities for improvement.

Investigation Catalyst captures the data produced by the analysis of the Matrixes for problems demonstrated by the incident. The Diamonds Problem panel provides for the recording of the problems defined by the analysis of each EB and link on the Matrix any of the description that identified problems or options to address those problems,

Recommendations

The Investigation Catalyst Diamond Options and Tradeoff panel enables investigators to document their rationale for recommending specific preferred performance improvement actions, related to the specific behaviors during the incident. The documentation displays this information in a way that can easily be stored, reviewed, edited, and distributed.
