Scribd
Upload
22 views

Report Writing (1)

The document outlines the importance of report writing in forensic investigations, emphasizing the need to preserve digital evidence and communicate findings clearly. It details the components of a good report, including objectives, findings, and the importance of consistency in layout and language. Additionally, it provides guidelines and best practices for writing effective forensic reports, ensuring they meet the needs of decision-makers.

Uploaded by

lawrencechikopa1
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
22 views

Report Writing (1)

The document outlines the importance of report writing in forensic investigations, emphasizing the need to preserve digital evidence and communicate findings clearly. It details the components of a good report, including objectives, findings, and the importance of consistency in layout and language. Additionally, it provides guidelines and best practices for writing effective forensic reports, ensuring they meet the needs of decision-makers.

Uploaded by

lawrencechikopa1
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 24

Report Writing

Why is report Important?


• To identify and preserve the digital evidence in its most-purest form,
to make it possible for relevant investigation procedures to be
performed and conclusions made.
Reporting

• A thorough examination report is written using documentation collected by the


examiner, including photographs, drawings, case-notes, tool-generated content, etc.
• •Many forensic tools come with built-in reporting functionality that is specific to that
tool’s actions and results, but does not typically document the full scope of the
examination.
• •Tool reports may be considered supporting documentation to the examination report or
referenced as an appendix.

• Forensic report should be a balance of technical detail, presented in a simplistic fashion,


and tailored for your audience
Report Format

• There really isn’t a de-facto standard or format per-se.


• Formatting and layout options are up to the examiner/analyst, or they
may be defined by organizational policies or jurisdictional court rules.
•The report may include something similar or a slightly different flavor
to the following:
Features of a good Report
• Explains methods of investigations
• Table of contents
• Data collection
• Explains results
• Discuss results and conclusions
• Provide reference
• Includes appendices
• Provide acknowledgment
Aspects of a Good Report
• Good report achieves its purpose by answering questions that were
set out in the mandate of investigation
• It is designed to meet the needs of the decision maker
• A decision maker must rely on the facts that were presented in the
report.
• The facts must be based on the evidence in the file
• It must be clear and written in a neutral language so that the desicion
maker and other readers needing the information for decision making
will be able to understand
• Must convey the necessary information
Report Template
• Summary
• Case number
• Name, number of the author, investigators and examiners
• Why the investigation was taken
• Significant results
• Straight to the point
• This section will vary in length but generally this should be a one-
paragraph summary of the entire report.
• You will include the technical details in the "Findings and Report
(Forensic Analysis)".
Objectives

• This section outlines specifically what are you being asked to do. You
will include your hypothesis here.
• It is especially important to include if you were asked to perform a
targeted investigation.
• Also a good idea to include any specific search terms requested.
Forensic Analysis –steps taken
Findings

• The Relevant Findings should be most detailed section of your


investigation.
• You will include all artifacts and relevant findings during your analysis
relating to the case.
• These should be directly related/linked to the Objectives/Falsifiable
hypothesis.
• Each piece of evidence must be fully explained in a way that a
layperson can understand it.
Evidence Collection Form
Layout of an investigative Report
• Choose proper layout and presentation for the report to maintain
consistency
• Include data collection
• Provide support material such as figures, tables and data
• Maintain a proper document style throughout the text
Guidelines
• Avoid jargon or slang
• Do not make any assumptions
• Define acronyms and abbreviations
• Lay out must be in logical order
• Report must also include your opinion
Importance of Consistency
• Is more important that the exact format in the report to eliminate
confusion
• The sections in the report must be adjusted in the same way
• Establish a template for writing reports and highlight the main points
Investigative report format
• Get samples already establish report formats
• Estimate the objectivity and document the finding in an unbiased
manner
• Include any relevant extracts referred to in the report that support
analysis or conclusion
Investigative Procedure
• General evidence :date ,Time the investigator visited the site, the
person the investigator spoke with at the site
• Collecting physical and demonstrative evidence
• Collect testimonial evidence -
Dos of Computer Forensic investigator
• Ask questions
• Document thoroughly
• Operate in good faith
• Make the decision to investigate
• File documents properly
Best Practices for Investigations
• Before submitting the report ,read it again so that it gives clear view
of where you need to make changes
• Anyone new must be able to understand
• Make sure the report responds to mandate
Sample Forensic Report
• The report identifies the continuity of the information and describes
the procedures utilized during:
• Investigation
• Concise summary of conclusion
• Observations
• All appropriate recommendations
Sample Forensic report
Writing report using FTK
• Open new case wizard :by selecting file then NEW CASE
• Enter the Forensic examiner Information which appears on the case
information page of the report
• To provide FKT case specifications- check the event boxes in the CASE
LOG OPTIONS window
• Refining the case- Select the type of files that you want to index
• Manage Evidence- click on add evidence to add the evidence in the
case
• In the refine evidence by file path – select the folders that you want
to add the case
Continued..
• Review the case – it allows you to view the case setting and location
where case specific files will be saved.
• Evidence processing – processing file form appears and displays the
status of the processes
• Creating a bookmark –select tools – BOOKMARK, enter the name of
the bookmark and add file to the bookmark
• Copying information from FTK – select file you want to cpy and then
copy special
• Exporting Files – you can export to any format you want to view
• You can create a report .
Report using ProDiscover
• Select file – new project
• Adding a report to an investigation – select project fire and
add(capture or add image
• You can view the contents of the file
• View the registry of the selected file
• View event log of the selected file
• You can finally develop the final report
Summary
• Reports can be used to communicate the results of the forensic
investigation
• Reports can be used not only to present the facts but also to
communicate expert opinions
• Reports can be formal or informal ,verbal or written
• Clarity of writing is critical to the success of the report
• Writing report is more like thinking , so the presentation must be in
alogical flow to convey the information in an ordered form

You might also like