There are a couple of ways to do this. Do not picture a single monolithic organization. Overlapping circles of different sizes and colors would be more accurate.
First all the circles would need to be informed of what the objective is, why it is important to succeed in general using standard buzz words. Funding would be released, in this case I am assuming substantial resources would be allocated.
This is not a monolithic organization (DHS), rather think of it as competing principalities, political maneuvering would begin in earnest as each fiefdom would want a place at the money hose. It would be a joint task force in theory but specific agencies would also run in house task forces that may feed information, not all, but certainly some, to the DHS taskforce while holding back enough to give their in house task force an edge. Agendas inside agendas. Circles within circles.
The following example would fit a single circle approach of interconnected agencies with a history of working together.
We want information on activites and plans
We want to know who the players are. How can we manipulate them? Once identified what leverage do we have? Do we want to use the leverage?
Has the decision has been made to prosecute an imprison them? Yes, it has.
Assign them a weight on the evil priority scale.
Do we want everyone or do we want to make examples? Each agency will have different ideas and even by agency it will differ based on area/region.
Identify, compromise, accumulate, prosecute
I am going to concentrate on Internet based communications
First thing I would want is to look for multiple pops. At this point you aren't sifting for names because on the Internet names are meaningless. You want IP addresses.
I would want to find IP addresses that show up based on a broad criteria at first. What criteria? Yes, it would be tailored but broadly:
Is encrypted traffic ever been associated with that IP?
Has that IP been recorded more than x times accessing sites on List A, B, or C?
Is the IP on any existing list as a possible source/problem?
Has any email traffic been sent to anyone on any watch list?
As an agency in a specific region I would want all the above for my specific jurisdiction.
Then I would want to run them against a list we had created specifically for our region plus take names acquired from the field, obtain their IP addresses and look for matches. I would also want to look for specific geographical matches. For example: Field says XXX is active and lives/stays at 123 Oak Street. Who is the ISP and what IP's are assigned to that block?
Cellphones would also be important but that would be an entire post in itself.
Once you had identified potential suspects you would go to the accumulate stage. Someone would already assigned the direction of the collection. We want to prosecute for X,Y,Z. We will use this existing law - For example do you want to go for major figures? How far do we want to go? All the way? Do we want minor figures for propaganda purposes? Make a statement that nothing will be tolerated? Usually the answer is yes to the above. Conspiracy works real well here.
More if there is any interest.