Formulating the Report

Previous page
Table of content
Next page

As noted in the Tales from the Trenches, you might have to use the report you prepared to recall events years after the fact. Therefore, your report should contain information that is focused. Each forensic examiner has his or her own way of formulating reports , but establishing a standardized template is important. This way your work will be consistent. The more you use the template, the more proficient you will become. You will also want the items you refer to in your report to be consistent so you don't confuse your audience. For example, if you are discussing a hard drive in your report, be sure that all instances refer to it as just that. Using the terms hard disk, hard drive, and fixed disk interchangeably in the same report can cause confusion to the reader. In fact, including a glossary can help define the items listed in your report. Here are some items the report should contain:

  • Name of the reporting agency and case investigator

  • Case number

  • Date of the report

  • List of the items examined

  • Description of the examination process

  • Results and/or conclusion

A typical report format consists of several independent sections, which include the preceding information. These sections are broken down in the following order:

Executive Summary or Summary of Findings    The summary is a brief explanation of the circumstances that required the investigation and a short detail of the significant findings. Include the names of all persons involved in the case and the date.

Objectives    This section states the specific purpose for the investigation- for example, to determine if the subject used a laptop computer as an instrument in the crime of identity theft and/or as a repository of data related to that crime. Include the name of the reporting agency and investigator.

Analysis    This section provides a description of the evidence and the steps taken to process the evidence.

Findings    The findings include specific information listed in order of importance or relevance. This can include data and graphic image analysis, Internet-related evidence, and techniques used to hide data.

Supporting Documentation    This section includes how you arrived at the findings in the previous section. The supporting documentation is usually the longest section of the report. It can also contain the printouts of items of evidence and chain of custody documentation.

Glossary    Can be used with the report to help the reader understand technical terms contained in the report.

Now that you have some idea of the format the report should take, let's look at a few sample reports.



Previous page
Table of content
Next page
Computer Forensics JumpStart
Computer Forensics JumpStart
ISBN: 0470931663
EAN: 2147483647
Year: 2004
Pages: 153
Authors: Michael G. Solomon, K Rudolph, Ed Tittel, Neil Broom, Diane Barrett
BUY ON AMAZON
Metrics and Models in Software Quality Engineering (2nd Edition)
Building Web Applications with UML (2nd Edition)
Cisco IOS Cookbook (Cookbooks (OReilly))
Cisco CallManager Fundamentals (2nd Edition)
Comparing, Designing, and Deploying VPNs
Python Programming for the Absolute Beginner, 3rd Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy