Next Generation Paperless Case Management for Investigators and Analysts

White Paper, May 2003

Office of Special Investigations

Investigative Information Management System (I2MS)

Concept of Operations

Issue 1.0


Revision History

 


Table of Contents

1.  Identification  4

1.1   Purpose   4

1.2   I2MS   4

1.3   Business Need   5

2.   System Concepts   6

2.1   System Features and Capabilities   6

2.1.1   Investigative Activities includes the capability to:   6

2.1.2   Files include the capability to:   6

2.1.3   Participants   6

2.1.4   Query Capability   6

3.   Business Processes   6

3.1   Investigative Activities   6

3.1.1   Briefing Activity   7

3.1.2   Computer Intrusion   7

3.1.3   Document Review   7

3.1.4   Exception File (Version 1)   7

3.1.5   Interview Details Tab Build Element (Version 1)   7

3.1.6   Law Enforcement Records Check   8

3.1.7   Liaison Activity   8

3.1.8   Media Analysis Support Activity   8

3.1.9   Polygraph (Polygraph Exam) Activity   8

3.1.10   Reportable Situation (300/0) Activity   8

3.1.11   Search Activity   9

3.1.12   Source Interview Activity   9

3.1.13   Specialist Consultation   9

3.1.14   Surveillance Activity   9

3.1.15   TALON Activity   9

3.2   Investigative Files   10

3.3   Management Files   10

3.4   Investigative Support Files   10

3.5   Investigative Services   11

3.6   Participants   11

3.7   Resources   11

3.8   Common Functions for Activities and Files   11

3.9   Summary   12

4.   System Justification   12


Concept of Operations

Identification

PurposeExecutive Summary

As computers become more prevalent in all aspects of every persons life, a shift in how work is actually done is being seen from one industry sector to another.  . First computers technology affected the financial sector, then the manufacturing sector, and now next generation computer power is impacting the more complicated investigative and intelligence case management sector.  . Early computer processing was best fitted to the straightforward accounting processes.  As such, a clear impact on financial institution work processes was seen.  Stock exchange transactions were no longer done on paper.  Deposits and withdrawals at local banks always required input into a terminal. 

 

Not long after the financial revolution in workflow cameThe latest change changes in the manufacturing sector was from a paper-to-keypunch process to a paperless-online transaction process.  . An inventory manager on a manufacturing floor changed the way the job was done:  it changed from paper based stock receipts and issues that were later keypunched  into a mainframe computer to a more paperless process. The inventory transaction of today is done without any paper into the quickly changing, more user friendlyuser-friendly personal computer.  . This makes for a real-time system—the actual event is known, by all those with access to the system at the same time the event occurred.    Now, the The power and flexibility of the computer has now matured enough to be fully applied to the more complex work of the law enforcement investigator and intelligence analyst is poised to make a similar jump.  . Software and hardware have existed for the investigators for some time but in a limited capacity.  . The investigator used word processors for creating the needed documentation for their clients.  . The investigator used databases to look up information about a person, place, or property to assist in the research aspects of the job.  . More advanced investigative and intelligence agencies currently use databases to capture the work products and metrics on these products (e.gfor example,. records management systems, document exploitation, document scanning).

 

The next generation of information management tools for investigative and intelligence agents isintelligence agents is called an Activity Based system.  . The Investigative Information Management System (I2MS) is one of the first of these Activity Based systems for investigative processes.  . An Activity Based system is meant to capture all tasks done (and yet to be done) by the agent.  . It documents agent “Tooth to Tail” processes without the less efficient paper forms for entry by a keypuncherdata entry person. 

With this broad coveragecoverage, an Activity Based system serves several information technology purposes for the agent in one package:

§         Documentation generator for the agent clients

§         Database repository for agent research on people, places, or property

§         Resource allocation for agent management responsibilities

§         Database warehouse for command wide metrics of cases ( autogenerationauto generation to NIBRS/DIBRS)

§         Evidence, equipment, source, and expense management in the context of the cases

§         Agent collaboration (notifications, leading, chat)

This paper will discuss the system concepts and features of the Activity Based system, the advantages of these systems, and their architectural considerations.


With this broad coverage an Activity Based system serves several information technology purposes for the agent in one package:

Documentation generator for the agent clients

Database repository for agent research on people, places or property

Resource allocation for agent management responsibilities

Database warehouse for command wide metrics of cases (NIBRS/DIBRS compliant)

Evidence, equipment, source, and expense management in the context of the cases

Agent collaboration (notifications, leading, chat)

System Concepts and Features

The Activity Based system which captures all aspects of investigative worksystem, which captures all aspects of investigative work, requires a birdsbird’s eye view of what the organization does in the context of the investigative work.

 

 

 

Investigative Organization Concepts--The investigative organization, be it insurance, environmental, educational, DoD, or public, gathers the investigative information in similar ways.  . The organization is made up of teams or units of personnel who perform Activities or tasks.  . These Activities are done involving different participants with different roles.  .   The cases against these participants are kept in Case Files. 

For example, an individual may be the subject of an interview.  . Or an organization may be the subject of many document reviews.  . And the same organization may be the subject of an Investigative Case File.  First generation Investigative MIS programs do not require data entry as these activities are done.  . An Activity Based system does. 

Relationship of Files to Activities--The Files in the Activity Based system are the accumulation of work steps. The work steps themselves are documented in Activities. Activities are smaller, self-contained folder-like records describing a single Investigative event. The Activity objects document the event. Because there are different types of events, there are different types of Activities, each with a distinct documentation requirement. Possibilities for Activities include Interviews, Briefings, Searches, Document Reviews, Records Checks, Computer Intrusions, and Polygraph Exams. The Activities gather into a File and all of the information contained in the Activity is then passed to the file. An Activity may be included in more than one file, and in such cases, the associated Files share the information. This association mimics the real world of case investigations when two cases very closely related are being run simultaneously.  Figure 2 illustrates these File to Activity relationships.]

 

 

 

Figure 2: Traditional Paper Process vs. Activity-Based Digital Process.

Electronic Files vs. Paper files-- The core functional operation of an Activity Based system resembles the paper files used to contain the various papers generated to document the investigative actions. The Activity Based system includes the investigative steps as Activities that are associated to the Files much as paper-documented actions are placed in the file folder.  Figure 2 also illustrates how the Activity Based system has segregated out Participant information along with File and Activity information.  This segregation of these information components commonly contained in paper case files minimizes agent re-entry work and maximizes information re-use.  Participant information is further segregated out by types of participants: Person, Company, Organization, and Program.  The advantage of this again is to minimize re-entry of data.  The agent can capture the fact that an individual is a member of a given organization and then re-use the entered organization information later for other individuals that may be members of the same organization.  No retyping organization information multiple times.

Figure 3—Sample Electronic Case File from I2MS

Although no organization can be completely paperless, the Activity Based system can approach this ideal.  This is done not only through the segregation and grouping of data as discussed above, but also by providing electronic tools for those non-paper tasks done by field agents.  For helping to determine who is responsible for given cases and what part different agents and agencies might play in a case file, the Activity Based system provides electronic Assignment functionality.  For capturing supervisory review of case work, an electronic approval and review note functionality is provided.  For supplementary case information (e.g. photos, hard copy documents, audio) an Attachment functionality is available.  And for resource allocation to case work (e.g. man hours spent, expenses consumed, equipment used) a Resources functionality is integrated into this paperless system.

 

Activity Based System Advantages

The primary advantages of the Activity Based I2MS over many existing investigative software systems are:

1)      Minimization of duplicate data entry (enter once and reuse by all agents for people, places, property, case information, evidence, equipment, expenses,)

Primarily due to the segregation of data discussed above, agents do not have to enter the same group of data into the Activity Based system more than once.  In fact, agent #2 could reused the person information entered by agent #1 and not have to do any data entry

2)      Automatic buildup of link analysis data for the investigative analyst

Again, since data is segregated and re-used, the database behind the Activity Based system is automatically structured and available for consumption by many graphing programs:

Figure 4 Example graphical link analysis against system data

3)      Consolidation of database silos” (I2MS one contingent Oracle database)

Since earlier generation management systems must contain the scope of new functionality to meet time and budget constraints, they typically address limited business processes.  There exists separate applications and corresponding databases for these separate business processes. There might be an application for lists of case files, one for expenses, another for people, and so on.  The next generation Activity based system has built on past applications and integrated into one interface for the agent, and one database for management.

This integration of data, in turn, provides for integration of business processes which, in turn, provides for database integrity.  For example, equipment used for a case cannot be checked out without the existence of the case.  Or evidence obtained in a Search Activity cannot be processed without existence of the Activity.

4)      Agent documentation made as work progresses rather than all at once at deadline

It is not unusual in human nature to put things off until the last minute.  This can happen too in documentation of investigations.  Multiple interviews, document reviews, and searches may have been done before the time a complete report of investigation is due.  The Activity Based system provides for the entry needed for the immediate documentation needs to suffice for the later documentation needs.  The agent does not need to what until the last minute to document the case report because the system can generate this report automatically at any time in the case life cycle.

5)      Scalable to many users (based on Oracle backend)

An Activity Based system requires more entry than the traditional investigative management system.  These systems also require access by all in the organization simultaneously during all parts of the day.  A powerful central database is required to serve these demanding needs.  Some single user databases (like Microsoft Access) or less powerful, less mature database technologies cannot fit the bill.  The powerful Oracle database behind the I2MS system can.  This database is scalable to many users as already proven on many existing ERP or large web applications.

6)      Rich user interface for ease of use and quick entry times (no slow screen refresh)

As mentioned above, the higher entry needs for the Activity Based system need a powerful database for the higher transactions.  The end user application also needs a rich user interface to allow the agent to enter the information efficiently and effectively.  The I2MS interface is user friendly to minimize the learning curve.  The fat client architecture also provides the user immediate feedback of which data fields need input and which are formatted correctly.

7)      Standalone functionality for ongoing work when network unavailable

Investigative agents must go wherever is needed to do the job.  This is often not behind a desk where networks are reliable and fast.  There may be slow modem connections available at the job site or nothing at all available.  Because of this, I2MS is made to operate without any network connection available at all.  Much like Microsoft Outlook where emails and tasks can be read, searched, and composed offline and then synched once connected to the central repository, I2MS Activities can be worked off line.  The agent continues to work even when the network is down.

8)      Strong normalized database behind the user friendly interface (data integrity, growth, and scalability)

A normalized database is one where common groups of information are segregated from one another.  Earlier it was shown how Activities, Files, and Participant information is segmented out.  This segmentation is carried to much lower levels in the I2MS database structure.  A normalized database provides for cost effective database integrity, database growth. 

Many IT decision makers do not understand, or care to understand, the importance of a normalized database.  It is a technical issue that they should not get involved in.  However, many legacy databases are finding limits earlier than expected because the technical architects did not understand the normalized database either.

9)      Built in XML Export/Import functionality for data sharing

The purpose of this document is to describe the intended use of the Investigative Information Management System (I2MS), for the Air Force Office of Special Investigation (AFOSI). It will describe the AFOSI business processes supported by the I2MS and the basic concepts of the system, and will provide the user community with an understanding of the business problems and opportunities addressed by the I2MS.

I2MS

I2MS is the OSI primary application to document investigations. I2MS replaces CACTIS and is compliant with the Defense Incident-Based Reporting System. CACTIS saw life as a Management Information System (MIS) that contained metadata or summary data about the investigations. The investigations themselves remained documented in a largely a paper process. I2MS is structured to operate the way the agents operate and to enable digital documentation of the entire investigation. Management information becomes a byproduct of the documented investigation. Doing this, however, creates an entirely different orientation for the structure of the requirements and their relationships.

Architectural and Technical Considerations The core functional operation of I2MS resembles the paper files used to contain the various papers generated to document the investigative actions. I2MS includes the investigative steps as activities that are associated to the files much as paper-documented actions are placed in the file folder. Automated support contained in the application is called Functions. In addition, the data is displayed in Views. I2MS contains different file types that are assigned to Investigative Cases, Investigative Support, Investigative Services, and Investigative Management categories. These categories roughly equate to the relationship of the information the different files contain with the investigations leading to prosecution. The categories are detailed later in the discussion of the product architecture.

The last four advantages briefly discussed in the previous section:

·         Rich user interface for ease of use and quick entry times (no slow screen refresh)

·         Standalone functionality for ongoing work when network unavailable

·         Strong normalized database behind the user friendly interface (data integrity, growth, and scalability)

·         Built in XML Export/Import functionality for data sharing

all have an impact on the architectural considerations of a system imposed with these requirements.

The core functionality consists of files and activities. The files are in four categories:

Investigation Case Files are a class of files directly linked to the agent documentation of an investigation.

Investigative Support Files are a class of files the document the efforts in support of an investigation.

Investigative Service Files are a class of files documenting services performed by OSI to support external investigations or other one-time services.

Investigation Management Files are a class of files documenting the management of investigations and investigative personnel.A NIBRS reportable Activity Based system requires much more user input and higher than normal amounts of data than the first generation case tools.  A rich user interface is required to quickly and efficiently convey to the user that the complete and accurate information is entered.  . This is done in the form of dynamically changing pull down boxes based on related inputs, immediate SAVE buttons available when sufficient data has been entered, or powerful interface controls (date pickers,  checkboxes, checkboxes, screenand screen splitters) to aid the user. 

 

The chart below explains the available architectural choices for a needy rich User Interface:

 

 

 

 

 

 

 

 

 

 

 

For a stronger user interface the choices is between traditional client server and Java applets.  . The next consideration is available bandwidth.  . For those network infrastructures with limited bandwidth, the client server approach is more desirable to minimize wait times for the user entering large amounts of data.  . Java applets often times require downloads along with the data taking up more bandwidth and more time.  . Client server applications already have the interface code available on the local machine.  . UnfortunatelyUnfortunately, the client is fatter requiring a higher maintenance cost in distributed updated components.  . ButHowever, this tradeoff must be made for usability of the complex, high transaction Activity Based system in bandwidth constrainedbandwidth-constrained networks. 

The client server approach also leaves the door open for uninterrupted agent operation (local mode processing when network down or unavailable in remote locations).

 

Summary The files are the accumulation of work steps. The work steps themselves are documented in Activities. Activities are smaller, self-contained folder-like records describing a single Investigative event. The activity record documents the event and calls for the minimal data needed to fully document the event. Because there are different types of events, there are different types of activities, each with a distinct documentation requirement. The activities gather into a file and all of the information contained in the activity is then passed to the file. An activity may be included in more than one file, and in such cases, the associated files share the information. Figure 2-1 illustrates the relationships.

 

 

Figure 2-1: Activities are the core steps that link to the files.

I2MS is the primary investigative support application in two investigative agencies today. OSI. Other applications, such as e-mail and Office Automation tools, provide general support but are also key parts of the total investigative support system suite. I2MS documents the investigations. The other products assist in conducting, managing, and documenting the investigations. MDITS and other information systems support the investigative mission in the classified environment. Taken as a whole, these are the core OSI systems. As an Air Force and DoD organization, OSI has systems specific to these larger components, but the core systems are unique to investigations and the OSI mission, and must be highlighted for that reason..

However, the activity based system augments other administrative systems already well established (for examplee.g., Computer Aided Dispatch).  . With the XML capabilities of the Activity Based system, integration with existing databases is straightforward. 

Business Need

The FORMMS was developed in response to the DoD initiative in which the DoD established a simplified baseline of the best, common information systems across the business functions of the Department. These migration systems represented a stage of process improvement designed at achieving a common set of automated processes and practices in the DoD, and help reduce redundant development and support costs.

The DoD FMP, with multiple inventory systems maintained by the services, employed a variety of platforms and applications. There was no common standard operating procedure nor was there an automated method to query the inventory databases without manually submitting a query to the individual maintaining the database and that individual performing a manual search. None of the DoDIIS agencies systems were "on-line," or interactive. In addition, there was no automation process to perform the Foreign Materiel Acquisition Requirement (FMAR), or Foreign Materiel Acquisition Opportunity (FMAO) processes.

There was an unprecedented degree of integration and interoperability required of the DoD system that supported this program. The effort required a cohesive, integrated solution that included not only the inventory requirements but also the acquisition management requirements of the DoD FMP. There was a need to be able to scale the size and complexity of each inventory maintained by the individual agencies since the requirements and number of items maintained and accounted for vary from a few hundred to sixty thousand plus. There was also a need to track item location and to identify who is responsible for that item. A standard was required for DoD Foreign Materiel inventory at the SECRET collateral level for accountability purposes that can be readily accessed, easily used, and addressable to the needs of the individuals who maintain the inventory, those foreign materiel managers who require inventory status, and analysts who require information concerning a particular item.

System Concepts

The I2MS is a Oracle multi-user application that will provide functionality to support Special Investigation  and Intelligence requirements of the AFOSI and be DIBRS compliant. It is a Defense Information Infrastructure (DII) Common Operating Environment (COE) Level 5 compliant application that functions with a DOD approved secure Internet Browser interface.

System Features and Capabilities

Investigative Activities includes the capability to:

Create and track Briefings

Create and track Computer Intrusions

Create and track Document Reviews

Create and track Exceptions

Create and track Interviews– Subjects, Witness, Victims, and Incidental/Group

Create and track Law Enforcement Record Checks

Create and track Liaisons

Create and track Media Analysis

Create and track Polygraph Exams

Create and track Reportable Situations

Create and track Searches

Create and track Source Interviews

Create and track Specialist Consultations

Create and track Surveillances

Create and track Talons

Files include the capability to:

Create and track Investigations – Case and Operations

Create and track Management Files

Create and track Service Files

Create and track Support Files

Create and track Resource Files

Participants

Create and track Participants

Query Capability

The query tool allows the user to query the database for information about activities and files.

Business Processes

This section describes the general business processes supported by the I2MS.

Investigative Activities

Investigative Activities are the basic investigative steps. The individual steps are gathered into a file. The investigative steps can also apply to more that one file, such as an investigative event that involves two or more persons. A primary investigative step must be sufficiently complete in itself because the entire investigation may be no more than that one-step and the investigation then dropped. There must be a sufficient number of types of steps to cover all of the work typically performed by the agents. There are also varieties of types of crimes and investigations that must be encompassed by the basic investigation steps.

Briefing Activity

OSI personnel conduct various types of briefings that are part of the mission. For example, briefings could cover the crime information at a base, the threats to a facility, or that reside in a location being entered by Air Force personnel, or other information related to investigations or discovered in doing investigations. The activity captures such unique briefing-related information as the reason for the briefing, the attendees or audience and time and place. The briefing itself can be attached to the activity for reuse and viewing.

Computer Intrusion

The purpose of the intrusion activity is to alert the key people involved with the systems under attack to limit any potential damage. Intrusion attacks are normally treated as a nuisance rather than a crime or an event requiring lengthy investigation. The current form documents the information relevant to damage control. A few other data elements would assist in tracking trends and possibly intrusion sources for later investigation or use in link analysis. Whenever OSI receives notice of a possible computer system penetration, the first order of business is to limit any possible damage. The intrusion may also launch a more extensive investigation. The first step is to document the intrusion event and the steps taken to limit the damage. I2MS proposes to maintain the data in the I2MS database to produce intrusion-related metrics, such as sites attacks, types of computer system attacked, sources or the attacks and so on.

Document Review

A document review is a means to gather information related to an investigation. Document reviews take place to gather information from official written records held outside OSI. They are for general classes of documentation:  Financial, Contract, Medical, and Personnel. Some reviews, such as a contract records, can take a relatively long period over several days or be revisited at several intervals to check out information learned by other means. Some of the data collected will populate information on other activities. For example, the personnel record may yield data for the Subject tab. The location and specifics of the records are recorded so that the investigation can be repeated if necessary and the sources of all information traced. The title will indicate sub-type and a user entered description.

Exception File (Version 1)

Agents may need a general-purpose file that can act as a “container” for activities that are not otherwise linked for investigations or pre-defined purposes. For example, the computer crime managers may want to collect all intrusion activities into a monthly “folder.” The activities could all be associated to an Exception file titled as the January 2000 Intrusion File. A series of briefings could be processed in a similar way. In addition to such general-purpose uses, I2MS does not maintain that all possible file types have already been identified. One way to identify others will be to allow the users to propose new ones. Another way will be to review all of the exceptions and see if a trend emerges that could be better serviced with a dedicated file type.

Interview Details Tab Build Element (Version 1)

Interviews are expected to be the most frequently used type of activity. The activity contains several sub-types:

Witness

Subject

Victim

Incidental/Group

The activity title will include the type and name of the interviewee.

Law Enforcement Records Check

The purpose of the Law Enforcement Records Check Activity is to document those efforts in checking a local Law Enforcement agency records or information. This may be done in the support of an investigation that a Law Enforcement agency was involved in or in a Personnel Security Investigation. The activity documents who the agency is and those key individuals at that agency. The activity itself only captures a given Law Enforcement Agency and not multiple checks.

Liaison Activity

Most Counter-Intelligence (CI) related investigative activities will fall into the predefined types. I2MS will allow room for two specialized CI Activities; one is a specialized CI Activity and one is a specialized CI Support Activity. The specialized CI activities may be to develop a threat analysis by gathering information related to a specific threat. A group of these activities may be associated to a CI File that results in an Intelligence Information Reports (IIR) or other report pointing out the threat and how the threat can be mitigated. With the exception that the focus of the activity is a CI topic, the file and associated CI Activities, the process resembles a typical investigation. However, CI “investigations” have their own context and content and may require a specialized CI Activity and a CI Support Activity to convey the information.

Media Analysis Support Activity

OSI supports investigation by performing Media Analysis of computer media. The analysis can take several directions to recover or assess the information contained on the media. I2MS records the work performed. As with other files types, the Support File can be associated with the Incident File that requested the analysis. The CCI Media Analysis Activity follows the norm by using common tabs with specialized Summary and Details Tabs. The Narrative Tab can be used to document the analysis and Attachment Tab can include any records generated by the analysis if it is not captured as evidence.

Polygraph (Polygraph Exam) Activity

OSI is called upon to perform polygraphs as a service to an agency doing security background investigations. OSI performs CI and full Life-style polygraphs as needed. These types of security polygraphs have a defined set of questions. OSI administers the polygraph and reports on the results. OSI polygraph specialists maintain the detailed results as part of the record and return the tests to Headquarters for review and validation. Response sheets are also collected as part of the test and review processes.

Reportable Situation (300/0) Activity

CI Activities; one is a specialized CI Activity and one is a specialized CI Support Activity. The specialized CI Activities may be to develop a threat analysis by gathering information related to a specific threat. A group of these activities may be associated to a CI File that results in an IIR or other report pointing out the treat and how the threat can be mitigated. With the exception that the focus of the activity is a CI topic, the file and associated CI Activities, the process resembles a typical investigation. However, CI “investigations” have their own context and content and may require a specialized CI Activity and a Reportable Situation Support Activity to convey the information.

Search Activity

There are several types of searches: crime scene, person, vehicle, or facility. If on a military base, the search requires a command representative to authorize the search. Otherwise, other authority is required. The authorizing form letters are built into the common Attachment tab along with the remaining forms needed for investigations. The unique activity information is such things as the time, place, and the circumstances of the search to include authorizing authority when required. The results can be documented in Narrative and Notes. Evidence can be captured in the Evidence, and so on.

Source Interview Activity

Source Management is a separate I2MS module. The Source Interview Activity is used because the interview will be associated with an Investigation File and to a Source Management File. One documents the information for a specific investigation and the other for a specific source. The source will be indicated with an identifier code, such as the recruiting detachment number and a sequential number for that detachment’s sources. Only the Source Management File will contain the actual biographic information and be access controlled. Because the identity is masked, the Source Interview can have general access as part of access to the investigative record.

Specialist Consultation

Specialists are called upon to determine if their participation in the investigation would add value. The specialist are consulted to assist and recommend if and what further specialist support would assist the investigation. They answer the question “should more be done.” The consultation is a review of the status of the information contained in the investigative record to date discussion with the lead and support agents, as appropriate, and perhaps discussion with other specialists. The activity will then be associated with the investigation and so that the lead agent can take any further action. The results of the specialist review will be entered in the Narrative. There are four selectable sub-types of specialist investigations:

Forensics

Technical Equipment

Polygraph

Computer Crime

Surveillance Activity

Investigative operations range from the very basic unsophisticated drug purchase to longer-term surveillance or undercover operations. Thus, not all operations require detailed planning. When required, plans should meet a minimum standard of coverage. An approved standardized template that also acts as a planning checklist has been developed so that I2MS can improve the process. OES often only sees the plan after the operation is over and when it is too late to make helpful recommendations or reduce risks.

TALON Activity

Recent terrorist threats to the U.S. have triggered immediate responses from all military forces to effectively and collectively process possible counter intelligence information. Although mechanisms were in place to gather and disseminate longer-lived intelligence information through the IIR, a different mechanism for swiftly processing time critical Force Protection Information was implemented using a Microsoft Access application developed and implemented under the Defense Counter Terrorist Working Committee. With an Access implementation, it allowed for quick implementation with a common format for electronically sharing the data between the various DoD services. With this TALON implementation, a set of business process rules for AFOSI (and other Agencies) has now been established. In particular, these process rules define the type of information, the reporting format, and the reporting hierarchy to be followed.

Investigative Files

The core part of I2MS is those functions most directly related to documenting the investigations. The activities discussed above are the investigative steps performed in the investigative process. The individual steps need to be gathered and linked to make up the complete record of the investigation. The Investigative Files are the mechanism for gathering and using the activities to construct the complete record. The Investigative Files contain common information and then other information specific to the level of investigation. The Investigation Files include:

Case

Operation

In the case of Investigative Files, the Case File is the most complete file. The Operations File contains a trimmed down versions of the Case File.

Management Files

Investigation Management covers all of the functionality related to the management of the investigations and the OSI components that indirectly support the investigative processes.

There are a variety of management functionality used in supporting the organization and investigations. The dimension of the management functionality includes:

Applicants

Collection Requirements and Collection Emphasis

Equipment

Evidence Management

Geo

Personnel

Source Management

Target Management

Technology

Units

The files contain a variety of different functionality; yet, the functionality is contained in the same general format and structure as the other functionality.

Investigative Support Files

The core investigative process is supported by work needed to augment the investigation. The work is often called on “by exception,” that is, only when needed by the nature of the investigation. The functionality for support also tends to require specialists trained to perform the work. The functionality is also distinct from the Investigation Files. These factors lead to the use of Support Files tailored for the supporting functionality. The Investigative Support Files include the following:

Criminal Polygraph

Seven Contacts

Source Development

Technical Surveillance

Undercover Operations

Undercover Operations Support

Investigative Services

OSI occasionally performs services, one-time events as opposed to a continuing investigation. The work is often called on “by exception,” that is, only when needed. The services’ functionality also tends to require specialists trained to perform the work. The functionality is also distinct from the Investigation Files. These factors lead to the use of Service Files tailored for the functionality. The types of Investigative Services includes:

Counter-Espionage Operations

Counter-Intelligence Investigations

Counter-Intelligence Services

Force Protection Services

Personal Security Investigation

Threatened Airman Support

Participants

There are four types of participants: Person, Company, Organization, and Program and there are four types for each participant: Subject/Victim/Witness/Incidental and Group used in DIBRS and I2MS. I2MS uses the standard file structure to gather information in I2MS involving a specific person, company, organization, or program. For example, all files and activities dealing with a program regardless of role will be associated together in a single program file. Such cross-references make it easier to revisit information for one of the entities that has had several roles in the I2MS context. These files also make it easier to cross-reference persons who belong to a company or program to look for common denominators.

Resources

I2MS has four operations that are initiated with agents but that are then managed across the entire command. The management behind each of these areas is different and will not fit the common model for I2MS. Separate modules are used to contain the functionality not directly used in the files and activities to manage. The resources include:

Cfunds

Equipment

Travel

WorkHours

Common Functions for Activities and Files

One overall objective was that all I2MS components have a similar “look and feel” and general operation. This reduces the need for detailed training because the functionality will be intuitive from one area to another due to commonality in layout and operation. Activities and files have a set of common functions.

Assignment

Association

Attachment

Narrative

Notes

Reports

Resources

Summary

The purpose of the Summary Tab was to rapidly show the top-level information and status of the investigation. The summary information includes, but not limited to:

General Summary

Closure Information

System Justification

I2MS is an integrated solution that supports the entire U S Air Force Office of Special Investigation with a complete system for managing their Investigations and Intelligence business process using state of the art technologies and software development techniques.