
Chapter 9 DF

Uploaded by

Shreyas Murali
Copyright: © All Rights Reserved

DIGITAL FORENSICS

DR. NILAKSHI JAIN


Email ID: [email protected]
CHAPTER NINE

REPORT WRITING

9.1 Goals of Report
9.2 Layout of an Investigative Report
9.3 Guidelines for Writing a Report
9.4 Sample for Writing a Report

Goals of Report :

Your computer forensic reports should achieve the following goals :

1. Accurately describe the details of an incident.
2. Be understandable to decision makers.
3. Be able to withstand a barrage of legal scrutiny.
4. Be unambiguous and not open to misinterpretation.
5. Be easily referenced (using paragraph numbers for the report and Bates’ numbers for attached documents).
6. Contain all information required to explain your conclusions.
7. Offer valid conclusions, opinions, or recommendations when needed.
8. Be ready in time.

Layout of an Investigative Report :

1. Executive summary: The “executive summary” section gives the background information on the circumstances that brought about the need for an investigation.
2. Objectives: Sometimes, there could be a sudden requirement to perform a hard drive forensic examination. The goals of your forensic examination can be related to virtually any subject, since any type of case/action can take place.
3. Computer evidence analyzed: The detailed information regarding the assignment of evidence tag numbers and media serial numbers, as well as descriptions of the evidence, is provided in this section.
4. Relevant findings: A summary of the findings of probative value is provided in this section. It answers the question, “What relevant items were found during the investigation?” The relevant findings should be listed in order of importance, or relevance to the case.
5. Supporting details: An in-depth look at and analysis of the relevant findings is provided in this section. It outlines how we found or arrived at the conclusions outlined in the “Relevant Findings” section.
6. Investigative leads: In this section, we outline action items that could be performed to discover additional information pertinent to the investigation. If more time or additional resources were provided to the examiner or investigator, these are the outstanding tasks that could be completed.
7. Additional report subsections: In our computer forensic reports, there are several additional subsections that we often include. We have found the following subsections to be useful in specific cases, but not every case. It depends on the needs and wants of the end consumer.

Guidelines for Writing a Report :

The following points are to be considered when writing a report:

1. Document investigative steps immediately and clearly:
Through our experience of writing a vast number of forensic reports, we have developed some report writing guidelines.
2. Know the goals of your analysis:
Before you begin your analysis, know what the goals are. For law enforcement examiners, every crime has elements of proof.
3. Organize your report:
Write “macro to micro.” Organize your forensic report to start at the high level and have the complexity of your report increase as your audience continues to read it.
4. Follow a template:
A standardized report template should be followed. This makes your report writing scalable, establishes a repeatable standard, and saves time.
5. Use consistent identifiers:
Referring to an item in different ways can create confusion in a report, such as referring to the same computer as a system, PC, box, web server, victim system, and so on.
6. Use attachments and appendices:
To maintain the flow of your report, use attachments or appendices. You do not want to interrupt your forensic report with 15 pages of source code right in the middle of your conclusions.
7. Have coworkers read your reports:
Have other coworkers read your forensic reports. This helps develop reports that are comprehensible to nontechnical personnel, who have an impact on your incident response strategy and resolution.
8. Use MD5 hashes:
Whether it is an entire hard drive or specific files, create and record the MD5 hashes of your evidence. Performing MD5 hashes for all evidence provides support to the claim that you are diligent and attentive to the special requirements of forensic examination.
9. Include metadata:
Record and include the metadata for every file or file fragment cited in your report. This metadata includes the time/date stamps, full path of the file, the file size, and the file’s MD5 sum.

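Guidelines 8 and 9 can be automated. The following is an added example, not part of the original slides: it collects the listed metadata (time/date stamps, full path, size, MD5 sum) for a cited file and re-checks it later. The function names and the sample file are hypothetical, and the SHA-256 field goes beyond the page: it is recorded alongside MD5 because MD5 collisions are practical.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def _utc(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")

def evidence_record(path, chunk_size=1024 * 1024):
    """Collect the metadata guideline 9 lists for one cited file."""
    full_path = os.path.realpath(path)
    st = os.stat(full_path)  # stat first: reading the file may update its access time
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(full_path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):  # chunked: images can be huge
            md5.update(chunk)
            sha256.update(chunk)
    return {
        "full_path": full_path,
        "size_bytes": st.st_size,
        "modified": _utc(st.st_mtime),
        "accessed": _utc(st.st_atime),
        "changed_or_created": _utc(st.st_ctime),  # meaning of ctime differs by OS
        "md5": md5.hexdigest(),
        "sha256": sha256.hexdigest(),  # addition beyond the page's MD5
    }

def still_matches(record):
    """Re-hash the file and compare against the values recorded in the report."""
    now = evidence_record(record["full_path"])
    return (now["md5"], now["sha256"], now["size_bytes"]) == (
        record["md5"], record["sha256"], record["size_bytes"])

def demo():
    """Constructed sample: a temporary file standing in for an evidence file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample_evidence.txt")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"abc")
        record = evidence_record(path)
        unchanged = still_matches(record)
        with open(path, "ab") as fh:
            fh.write(b"!")  # simulate alteration after the hash was recorded
        return record, unchanged, still_matches(record)

if __name__ == "__main__":
    rec, before, after = demo()
    for field, value in rec.items():
        print(f"{field:20} {value}")
    print("verified before change:", before, "| after change:", after)
```

Run it against a working copy or a write-blocked source, never the original media, since opening a file can alter its access time.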
Guidelines for Writing a Report :
The following example is based on a sample report that explains the investigation steps, experience and procedure used.

Thank you

DR. NILAKSHI JAIN
Email ID: [email protected]
