ClubEnsayos.com - Ensayos de Calidad, Tareas y Monografias
Buscar

Intro To Report Writing For Digital Forensics


Enviado por   •  31 de Enero de 2015  •  450 Palabras (2 Páginas)  •  268 Visitas

Página 1 de 2

So you've just completed your forensic examination and found that forensic gem or smoking gun in your case, so how do you proceed? Depending on where you fall as a forensicator (e.g., law enforcement, intelligence, criminal defense work, incident response, e-discovery) you will have to report your findings. Foremost, find out what type of work product you are going to be required to produce to the client, attorney, etc. This will be your guide for completing your report. While the report writing part of the digital forensic examination process is not as fun as the forensic analysis, it is a very important link in the chain as Dave Hull summed it up here in a tweet.

As digital forensic examiners/analysts, we must report and present our findings on a very technical discipline in a simplistic manner. That may be to a supervisor, client, attorney, etc. or even to a judge and jury who will read and interpret your report after it has been cross-examined. Are you prepared to explain your findings? When the case goes to trial and you are called upon to testify a year or more in the future will you be able to remember the case based simply from the details you included in your report?

You've probably found yourself at some point diving right into an exam, completing your forensic analysis and theoretically going back to the beginning of the exam when it comes time to begin your report because the lack of note-taking during the forensic examination. A solid forensic examination requires detailed notes along the way. What exactly are good notes? Taking screenshots, bookmarking evidence via your forensic application of choice (EnCase, FTK, X-Ways Forensics, etc.), using built-in logging/reporting options within your forensic tool, highlighting and exporting data items into .csv or .txt files, or even using a digital audio recorder vs. handwritten notes when necessary. Jim O'Gorman provides some good tips for taking good notes during a digital forensic examination. As Jim discusses, there is no wrong way to take notes, nor a standard. Every examiner approaches the note-taking process differently, the important piece is to document, document, document. The more notes you take, the easier your report will be to prepare and finalize. Speaking of notes, Joe Garcia has provided an excellent review and walk-through of using CaseNotes during digital forensics.

Now we take our detailed notes to complete the forensic report to tell the story of what the presence or absence of the digital artifact indicates, regardless, if it is inculpatory or exculpatory in nature. Your report may include something similar or a slightly different flavor to: an overview/case summary, forensic acquisition & exam preparation, findings and report (i.e., forensic analysis), and a conclusion.

...

Descargar como (para miembros actualizados) txt (3 Kb)
Leer 1 página más »
Disponible sólo en Clubensayos.com