Case Types
Define custom case types with specific fields, workflows, and report templates for different investigation scenarios.
Default Case Types
DFIRe includes several pre-configured case types:
- General Forensic Investigation - Standard investigation template
- Security Incident - Active incident response
- Data Breach - With compliance timers
- Malware Analysis - Technical analysis focus
- Financial Fraud - Financial investigation fields
- HR Investigation - Employee-related matters
Creating a Case Type
- Go to Settings → Case Types
- Click "New Case Type"
-
Configure Basic Settings
- Name: Display name for the case type
- Description: When to use this type
- Mode: Investigation or Incident
- Icon: Visual identifier
-
Add Custom Fields
Define additional fields specific to this case type.
-
Associate Templates
Link report templates and action templates.
Custom Fields
Add fields to capture case-type-specific information:
| Field Type | Description |
|---|---|
| Text | Single-line text input |
| Text Area | Multi-line text |
| Number | Numeric values |
| Date | Date picker |
| Select | Dropdown with predefined options |
| Multi-Select | Multiple choice selection |
| Checkbox | Boolean true/false |
Field Properties
- Label: Display name
- Required: Must be filled when creating a case
- Default Value: Pre-populated value
- Help Text: Guidance for users
Best Practices
- Start with default types and customize as needed
- Don't create too many types - use custom fields instead
- Keep field names consistent across types
- Document when each type should be used