Here are my 10 tips for dealing with misinformation during security assessments and forensic investigations:
- Remember that interview subjects might purposefully or inadvertently present you with incorrect information.
- Watch out for “lies by omission,” which is another form of misinformation.
- Look for discrepancies between the information provided by different subjects and also between what you heard and what you saw in documentation.
- Ask similar questions several times, though not in direct sequence, watching out for the discrepancies in the answers you might receive.
- Collect your own data to collaborate or refute what you heard during interviews. You may be unable to check all information, but spot-checks should be within the realm of possibility.
- Consider whether it’s wise to directly confront the subject when you notice misinformation—this might create friction without helping your objectives
- If you have the opportunity, give the people whom you’ll interview a chance to get to know you—if they feel comfortable with you, they might be more truthful.
- Remind subjects that it’s very important for you to have accurate information to provide meaningful analysis.
- Take notes of the answers, confirming with subjects what you heard them say to avoid concerns over incorrect recollection of the statements.
- Keep in mind that sometimes people don’t realize that they are providing misinformation—they might be simply misinformed.