Begin with a Concise Summary

A small hard drive is 10GB. If the contents were printed, it would create a stack of paper approximately 1,111 feet tall. Even though you can't have too much documentation, when it comes to presenting the case, you need balance. You won't want to weed through tons of evidence again later, and you don't want to appear incompetent. For example, if you are asked about log events or a specific activity, you don't want to respond, 'I know that I saw that somewhere.' If the activity is in the Tcpdump log file, you'll need to be able to locate it again.

Often lawyers may want to have electronic evidence produced for them in paper format. A complete forensic analysis report can usually be stored on a single CDROM. Evidence is much simpler to handle in electronic form, where it can be filed, cross-referenced, and indexed. Most law firms now have the technology to do this. Various software programs, such as Summation, allow the evidence to be processed in a more efficient way than paper format. Additional information on Summation can be found at http:// info .summation.com/products .

Kroll Ontrack is another software program that attorneys use. It provides software tools that allow you to view, search, sort , bookmark, and generate reports on the data after the evidence is extracted. Kroll Ontrack offers ElectronicData- Investigator free of charge to all of its computer forensics customers. For more information on the services that Kroll Ontrack provides, go to http://www.krollontrack.com .

Evidor serves as an automated forensic examiner . It can come in handy during civil litigation when one party wants to examine the other party's computers. Both WinHex and Evidor are products of X-Ways Software Technology AG. You can find them at http://www.sf-soft.de/evidor/index.htm and http://www.sf-soft.de/winhex/index-m.html .

When you are formulating a concise report, it is important to:

Understand the importance of the reports
Limit the report to specifics
Design the layout and presentation in an easy-to-understand format
Understand the difference between litigation support reports and technical reports
Write clearly
Provide supporting material
Explain the methods used in data collection
Explain results

The basic guidelines for your reports should be to document your steps clearly, organize the report by using a template, and be consistent. Documenting in a clear and concise manner helps ensure that the details can be recalled or conveyed when the need arises. In order to do this though, the scope of your original documentation must be broader and you should document every step of the process.