Skip to Content
Casework MethodIntake Triage Checklist

Intake Triage Checklist

checklist

Core idea

Triage turns a messy case arrival into a workable plan. Answer five questions before committing to scope; each surfaces gaps and prevents the case from being judged against an invisible benchmark.

Components

  1. What happened?, a clean incident description and timeline. Fraud, missing funds, insider case, or threat profile?
  2. What’s the evidence?, addresses, transactions, screenshots, logs; OSINT indicators such as usernames, domains, handles. Note every gap.
  3. What’s the real objective?, the stated objective is often not the true one. “Find who did this” may actually mean stop further loss / recover funds / prepare for LE / inform a decision.
  4. What are the constraints?, time, data quality, budget, legal limits, jurisdictional issues.
  5. What does success look like?, attribution, a fund-flow diagram, an evidentiary package, or a threat profile. Define it explicitly.

When to use

Immediately at intake, after red-flag screening and before scoping the investigation.

Example

A “find who did this” brief, run through the checklist, resolves to a real objective of “stop further loss and prepare an LE referral,” which reshapes the whole scope.

Five Intake Red Flags, The Scope Triangle, Five Investigation Output Types, Translate Stakeholder Wants into Investigable Questions

Last updated on