IT Planning at ModMeters4
Brian Smith, CIO of ModMeters, groaned inwardly as he listened to CEO John Johnson
wrapping up his remarks. “So our executive team thinks there are real business oppor-
tunities for us in developing these two new strategic thrusts. But before I go to the
board for final approval next month, I need to know that our IT, marketing, and sales
plans will support us all the way,” Johnson concluded.
Brian mentally calculated the impact these new initiatives would have on his orga-
nization. He had heard rumors from his boss, the COO, that something big was coming
down. He had even been asked his opinion about whether these strategies were techni-
cally doable, theoretically. But both at once? Resources—people, time, and money—were
tight, as usual. ModMeters was making a reasonable profit, but the CFO, Stan Abrams,
had always kept the lid screwed down tightly on IT spending. Brian had to fight for
every dime. How he was going to find the wherewithal to support not one but two new
strategic initiatives, he didn’t know.
5IF� PUIFS� 71T� BU� UIJT� TUSBUFHZ� QSFTFOUBUJPO� XFSF� TNJMJOH�� 5BLJOH� .PE.FUFST�
global from a North American operation seemed to be a logical next step for the com-
pany. Its products, metering components of all types, were highly specialized and in
great demand from such diverse customers as utility companies, manufacturers, and
a host of other industries. Originally founded as Modern Meters, the firm had grown
steadily as demand for its metering expertise and components had grown over the past
century or so. Today ModMeters was the largest producer of metering components in
the world with a full range of both mechanical and, now, digital products. Expanding
into meter assembly with plants in Asia and Eastern Europe was a good plan, thought
Brian, but he wasn’t exactly sure how he was going to get the infrastructure in place
to support it. “Many of these countries simply don’t have the telecommunications and
equipment we are going to need, and the training and new systems we have to put in
place are going to be substantial,” he said.
But it was the second strategic thrust that was going to give him nightmares, he
predicted. How on earth did they expect him to put direct-to-customer sales in place
so they could sell “green” electric meters to individual users? His attention was jerked
back to the present by a flashy new logo on an easel that the CEO had just unveiled.
“In keeping with our updated strategy, may I present our new name—MM!”
Johnson announced portentously.
“Oh, this is just great,” thought Brian. “Now I have to go into every single applica-
tion and every single document this company produces and change our name!”
Because of its age and scientific orientation, ModMeters (as he still preferred to
call it) had been in the IT business a long time. Starting back in the early 1960s, the
September 2005. Reproduced by permission of Queen’s University, School of Business, Kingston, Ontario,
IT Planning at ModMeters 83
company had gradually automated almost every aspect of its business from finance
and accounting to supply chain management. About the only thing it didn’t have was
a fancy Web site for consumers, although even that was about to change. ModMeters
currently had systems reflecting just about every era of computers from punch cards
to PCs. Unfortunately, the company never seemed to have the resources to invest in
reengineering its existing systems. It just layered more systems on top of the others.
A diagram of all the interactions among systems looked like a plate of spaghetti. There
was no way they were going to be able to support two new strategic thrusts with their
current budget levels, he thought as he applauded the new design along with the others.
“Next week’s IT budget meeting is going to be a doozy!”
Sure enough, the following week found them all, except for the CEO, back in the
had presented their essential IT initiatives. In addition to what needed to be done to
support the new business strategies, each division had a full laundry list of essentials
for maintaining the current business of the firm. Even Abrams had gotten into the act
this year because of new legislation that gave the firm’s outside auditors immense
scope to peer into the inner workings of every financial and governance process the
After listening carefully to each speaker in turn, Brian stood up. “As many of you
know, we have always been cautious about how we spend our IT budget. We have been
given a budget that is equal to 2 percent of revenues, which seriously limits what we in
IT have been able to do for the company. Every year we spend a lot of time paring our
project list down to bare bones, and every year we make do with a patchwork of infra-
structure investments. We are now at the point where 80 percent of our budget in IT is
fixed. Here’s how we spend our money.” Brian clicked on a PowerPoint presentation
showing a multicolored pie chart.
“This large chunk in blue is just about half our budget,” he stated. “This is simply
the cost of keeping the lights on—running our systems and replacing a bare minimum
of equipment. The red chunk is about 30 percent of the pie. This is the stuff we have to
do—fixing errors, dealing with changes mandated by government and our own indus-
try, and providing essential services like the help desk. How we divide up the remain-
der of the pie is what this meeting is all about.”
Brian clicked to a second slide showing a second pie chart. “As you know, we
have typically divided up the remaining IT budget proportionately, according to who
has the biggest overall operating budget. This large pink chunk is you, Fred.” Brian
gestured at Fred Tompkins, head of manufacturing and the most powerful executive in
the room. It was his division that made the firm’s profit. The pink chunk easily took up
more than half of the pie. Tompkins smiled. Brian went on, pointing out the slice that
each part of the firm had been allotted in the previous year. “Finally, we come to Harriet
human resources and marketing, respectively. Their tiny slivers were barely visible—
just a few percent of the total budget.
“This approach to divvying up our IT budget may have served us well over the
years”—Brian didn’t think it had, but he wasn’t going to fight past battles—“however,
we all heard what John said last week, and this approach to budgeting doesn’t give
us any room to develop our new strategies or cover our new infrastructure or staffing
needs. Although we might get a little more money to obtain some new applications
84� 4FDUJPO�*� r� %FMJWFSJOH�7BMVF�XJUI�*5
and buy some more computers”—Abrams nodded slightly—“it won’t get us where we
need to go in the future.”
A third graph went up on the screen, showing the next five years. “If we don’t
do something now to address our IT challenges, within five years our entire IT budget
will be eaten up by just operations and maintenance. In the past we have paid mini-
mal attention to our infrastructure or our information and technology architecture or
to reengineering our existing systems and processes.” A diagram of the “spaghetti”
flashed on. “This is what you’re asking me to manage in a cost-effective manner. It isn’t
pretty. We need a better plan for making our systems more robust and flexible. If we
are going to be moving in new directions with this firm, the foundation just isn’t there.
Stan, you should be worried that we won’t be able to give our auditors what they ask for.
But you should also be worried about our risk exposure if one of these systems fails and
about how we are going to integrate two new business ventures into this mess.”
Tompkins looked up from his papers. It was clear he wasn’t pleased with where
this presentation was headed. “Well, I, for one, need everything I’ve asked for on my
list,” he stated flatly. “You can’t expect me to be the cash cow of the organization and
not enable me to make the money we need to invest elsewhere.”
Brian was conciliatory. “I’m not saying that you don’t, Fred. I’m just saying that
we’ve been given a new strategic direction from the top and that some things are going
to have to change to enable IT to support the whole enterprise better. For example, until
now, we have always prioritized divisional IT projects on the basis of ROI. How should
we prioritize these new strategic initiatives? Furthermore, these new ventures will
require a lot of additional infrastructure, so we need to figure out a way to afford this.
And right now our systems don’t ‘talk’ to the ones running in other divisions because
they don’t use the same terminology. But in the future, if we’re going to have systems
that won’t cost increasing amounts of our budget, we are going to have to simplify and
integrate them better.”
Tompkins clearly hadn’t considered the enterprise’s needs at all. He scowled but
said nothing. Brian continued, “We are being asked to do some new things in the com-
pany. Obviously, John hopes there’s going to be a payback, but it may take a while. New
strategies don’t always bear fruit right away.” Now looking at Abrams, he said point-
edly, “There’s more to IT value than short-term profit. Part of our business strategy is
to make new markets for our company. That requires investment, not only in equipment
and product but also in the underlying processes and information we need to manage
and monitor that investment.”
Harriet Simpson spoke for the first time. “It’s like when we hire someone new in
R&D. We hire for quality because we want their ideas and innovation, not just a warm
body. I think we need to better understand how we are going to translate our five key
corporate objectives into IT projects. Yes, we need to make a profit, but Stan needs to
satisfy regulators and Brenda’s going to be on the hot seat when we start marketing to
Kwok was tasked with keeping one or more steps ahead of the competition. New types
of products and customer needs would mean expansion in his area as well.
Abrams cleared his throat. “All of you are right. As I see it, we are going to have
to keep the cash flowing from Fred’s area while we expand. But Brian’s got a point.
We may be being penny wise and pound foolish if we don’t think things through more
IT Planning at ModMeters 85
carefully. We’ve put a lot of effort into developing this new strategy, and there will be
some extra money for IT but not enough to do that plus everything all of you want. We
need to retrench and regroup and move forward at the same time.”
There was silence in the room. Abrams had an annoying way of stating the
obvious without really helping to move the ball forward. Brian spoke again. “The way
I see it, we have to understand two things before we can really make a new budget.
First, we need to figure out how each of the IT projects we’ve got on the table contri-
butes to one of our key corporate objectives. Second, we need to figure out a way to
determine the value of each to ModMeters so that we can prioritize it. Then I need to
incorporate a reasonable amount of IT regeneration so that we can continue to do new
projects at all.”
Everyone was nodding now. Brian breathed a small sigh of relief. That was step
one accomplished. But step two was going to be harder. “We have a month to get back
to the board with our assurances that the IT plan can incorporate the new strategies
and what we’re going to need in terms of extra funds to do this. As I said earlier, this
is not just a matter of throwing money at the problem. What we need is a process for IT
planning and budgeting that will serve us well over the next few years. This process
will need to accomplish a number of things: It will need to take an enterprise perspective
on IT. We’re all in these new strategies together. It will have to incorporate all types of
IT initiatives—our new strategies, the needs of Fred and others for the new IT to oper-
ate and improve our existing business, Stan’s new auditing needs, and our operations
and maintenance needs. In addition, we must find some way of allocating some of the
budget to fixing the mess we have in IT right now. It must provide a better way to con-
nect new IT work with our corporate objectives. It must help us prioritize projects with
different types of value. Finally, it must ensure we have the business and IT resources in
place to deliver that value.”
Looking at each of his colleagues in turn, he asked, “Now how are we going to
1. Develop an IT planning process for ModMeters to accomplish the demands as set
Running Head: THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS
THE SCIENTIFIC METHOD APPLIED TO DIGITAL FORENSICS 7
The Scientific Method Applied To Digital Forensics
by student name
Professor D. Barrett
Computer forensics is the process of digital investigation combining technology, the science of discovery and the methodical application of legal procedures. Judges and jurors often do not understand the inner workings of computers and rely on digital forensics experts to seek evidence and provide reliable, irrefutable testimony based on their findings. The scientific method is the process of diligent, disciplined discovery where a hypothesis is formed without bias, and analysis and testing is performed with the goal of effectively proving or disproving a sound hypothesis. When investigative teams do not follow standard investigative procedures it can lead to inappropriate and inaccurate evidentiary presentations that are extremely difficult for non-technical participants to refute. The practitioners of digital forensics can make strides to measure and improve the accuracy of their findings using the scientific method. This paper includes a summary of the scientific method as applied to the emerging and growing field of digital forensics and presents details of a specific case where both the prosecution and defense would have benefitted greatly from the use of this proven method of discovery and analysis. Findings can only be deemed reasonably conclusive when the scientific process is correctly applied to an investigation, findings are repeatable and verifiable, and where both the evidence collected and the tools used are subject to the utmost scrutiny.
The Scientific Method Applied To Digital Forensics
The forensic analyst and investigator must use a unique combination of technical, investigative, and scientific skills when approaching a forensic case. Most adults remember the Scientific Method from their middle school science class as a set of six steps beginning with stating a problem, gathering information, forming a hypothesis, testing the hypothesis, analyzing the data and drawing conclusions that either support or do not support the hypothesis. Peisert, Bishop, & Marzullo (2008) note that the term computer forensics has evolved to mean “scientific tests of techniques used with the detection of crime” yet note that many academic computer scientists also use the term to refer to the “process of logging, collecting, auditing or analyzing data in a post hoc investigation”. The necessity to maintain chain of custody requires methodical and detailed procedures, as does the formulation of a legitimate and unbiased hypothesis and conclusion using the scientific method. Since many judges and jurors assume that computer forensic evidence is as “reliable and conclusive” as it is depicted on television, the legal system is unaware of the volatile nature of computer forensics investigations and the significance of a scientific approach to evidence gathering and analysis (Peisert et al., 2008).
The Scientific Process as Applied to Computer Forensics
Peisert et al. (2008) discuss in detail the need for the use of the scientific method in forensic investigations, not only for the process of discovery and analysis of evidence, but for measuring the accuracy of the forensic tools used in an investigation. Casey (2010) agrees, and cautions that evidence must be compared to known samples so that investigators better understand the scope and context of the evidence that is discovered or presented and to better understand the output of forensic tools. Casey (2010) further elaborates that the scientific method is a powerful tool for forensic investigators who must be neutral fact finders rather than advocates for one side of a case or the other.
The process of creating a hypothesis and completing experiments to prove or disprove them allows an investigator to gain a concrete understanding of the digital evidence or mere traces of evidence under analysis. Casey (2010) also notes that while there is no ethical requirement to do so and may be impractical, a thorough investigative practice would consider investigation of alternate scenarios presented by defense.
Forensic examination tools can contain bugs, or behave differently with various types of data and forensic images. Casey (2010) recommends that investigators examine evidence at both the physical and logical layers since both methods can provide unique perspectives, and the physical layer may not yield deleted, corrupted or hidden data. Suspects with limited technical experience can rename image files with different extensions not used for images, and those with more technical knowledge can use advanced steganography techniques to embed data within other data in an attempt to defy detection.
The 2004 case of State of Connecticut v. Julie Amero in Norwich, Connecticut is one where the scientific method was clearly missing from both the defense and prosecution. Eckelberry, Dardick, Folkerts, Shipp, Sites, Stewart, & Stuart (2007) completed a comprehensive post-trial analysis of the evidence as provided to the defense and discovered very different evidentiary results using a structured scientific approach to their investigation. Amero was a substitute elementary teacher accused of displaying pornographic images that appeared on pop-up’s to her students from what ultimately was proven to be a spyware-infected school computer. The credibility of the legal system was compromised and the prosecution made a numerous incorrect assumptions based on results provided from inadequate forensic tools and poor investigative techniques (Eckelberry et al., 2007).
The computer that Amero was using in her classroom was a Windows 98 machine running Internet Explorer 6.0.2800 and a trial version of Cheyenne AntiVirus that had not received an update in several years. The content filtering at the school had expired several months prior to the incident. The prosecution presented non-factual statements that may easily have been misconstrued by a non-technical jury and that likely caused a guilty verdict. The false testimony made by the school IT specialist indicated that the virus protection was updated weekly when in fact they were not since computer logs and the signatures clearly showed that virus updates were no longer supported by the vendor. The updates may have been performed but against files that had no new updates for many months. The IT Manager who testified also incorrectly claimed that adware was not able to generate pornography and especially not “endless loop pornography”. This information was received as a fact by the non-technical jury and incredibly not refuted by the defense. The detective for the prosecution also stated that his testimony was based completely on the product ComputerCop which the vendor admits is incapable of determining if a website was visited purposefully or unintentionally. The forensic detective astoundingly admitted that he did not examine the computer for the presence of adware (Eckelberry et al., 2007, p. 7-10).
The case against Amero was largely based on testimony stating that she deliberately visited the offensive pornographic websites and that the sites visited subsequently showed the links in red. The post-trial investigative team quickly verified that the ‘sites visited’ color setting in Internet Explorer on the suspect machine was set to “96,100,32” which is a greenish-gray color. One of the web pages that the defendant allegedly visited had an HTML override to highlight one of the links presented in red and was not colored based on a deliberate visit to the site. According to Eckelberry et al. (2007) the page in question was not discovered in “any of the caches or Internet history files or the Internet History DAT files. The post-trial investigative team through meticulous investigation and use of the scientific method were able to present facts that were “exculpatory evidence showing that the link was never clicked on by the defendant” or any other person, and disproved most of the statements made by the forensics examiner and the witnesses for the prosecution (Eckelberry et al., 2007, p. 12-14).
The prosecution testimony stated that there was no evidence of uncontrollable pop ups found on the suspect machine, however, the post-trial investigative team discovered irrefutable evidence that the page in question was loaded twenty-one times in one second using a computer forensics tool called X-Ways Trace. Eckleberry et al. (2007) detail many other instances where testimony was haphazard and discovered that a Halloween screen saver was the source of the adware that presented the continuous stream of pornographic sites. The chain of custody was also compromised in that the disk image was from a Dell PC but the defense witness saw a Gateway PC stored at the police station. The officer reportedly seized a computer but the police report contradicts this and states that only a drive was taken (Eckelberry et al., 2007, p. 14-17).
The case described and investigated by Eckelberry et al. (2007) resembles a staged blunder designed as a humorous sample case for beginning forensic students to discuss. The case was however very real and even though the defendant was eventually acquitted she suffered lasting harm from the notoriety based on the initial conviction of contributing to the delinquency of minors. If the prosecution or defense had investigated the evidence using the scientific method and maintained a credible chain of custody, or at least used clear critical thinking while performing a thorough forensic investigation this case may never have gone to trial. It wasted the time and resources of judge, jury, and countless other participants in the trial and permanently damaged an innocent victim (Eckelberry et al., 2007).
The scientific method is a process that allows confidence in a hypothesis when it can be subjected to repeated identical tests. The use of the scientific method not only provides a methodical structure to a forensic investigation, it lends credibility to a case in the very nature of the steps used to document and diligently test any given hypothesis. The case independently investigated post-trial by Eckelberry et al. (2007) was performed by a team of trained experts who were well aware of the necessity of the methodical requirements and necessity of the scientific method of discovery. Their findings proved that the suspect was in fact a victim of poorly maintained computers by a local Connecticut school system, that the forensic expert and witnesses who testified in the case were untrained and uninformed and used inadequate tools for the investigation. Cases such as State of Connecticut v. Julie Amero illustrate the importance of using the scientific method, and the necessity of proper training in the art and science of digital forensics.
Carrier, B. (2002, October). Open Source Digital Forensics Tools: The Legal Argument. In @ Stake Inc. Retrieved September 8, 2011, from
Casey, E. (Ed.). (2010). Handbook of Digital Forensics and Investigation (Kindle ed.). Burlington, MA: Elsevier, Inc.
Eckelberry, A., Dardick, G., Folkerts, J., Shipp, A., Sites, E., Stewart, J., & Stuart, R. (2007, March 21). Technical Review of the Trial Testimony of State of Connecticut vs. Julie Amero. Retrieved September 9, 2011, from
Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to Computer Forensics and Investigations (4th ed.). Boston, MA: Course Technology, Cengage Learning.
Peisert, S., Bishop, M., & Marzullo, K. (2008, April). Computer Forensics in Forensis. Retrieved September 8, 2011, from