Module L - Investigative Reports
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News: Dubai Fund Boss Faces
Investigation-Reports
Source: http://www.reuters.com/
News: Market Investigation Report on
China’s Tyre Industry, 2008 out Now
Source: http://www.marketwatch.com/
Module Objective
This module will familiarize you with:
• Need of an investigative report
• Report specifications
• Report classification
• Layout of an investigative report
• Guidelines for writing a report
• Use of the supporting material
• Importance of consistency
• Salient features of a good report
• Investigative report format
• Sample forensic report
• Best Practices for Investigators
• Writing report using FTK
Module Flow
Report Specifications
Layout of an Investigative Report
Importance of Consistency
Need of an Investigative Report
Investigative Report Format
Salient features of a good Report
Guidelines for Writing a Report
Use of Supporting Material
Report Classification
Sample Forensic Report
Best practices for Investigators
Writing Report using FTK
Computer Forensic Report
A computer forensic report provides detailed information on the complete computer forensics investigation process
An investigative report should:
• Explain how the incident occurred
• Be technically sound and clear to understand
• Be properly formatted with page and paragraph numbers for easy referencing
• Provide unambiguous conclusions, opinions, and recommendations supported by figures and facts
• Adhere to the local laws of the land to be admissible in courts
• Be submitted in a timely manner
Computer Forensics Report Template
Objectives
Date and time the incident allegedly occurred
Date and time the incident was reported to agency personnel
Name of the person or persons reporting the incident
Date and time the investigation was assigned
Nature of claim and information provided to the investigator
Location of evidence
Summary
• Case Number
• Name and social security number of the author, investigators, and examiners
• Why was the investigation undertaken?
• List significant findings
• Signatures analysis
Computer Forensics Report Template (cont’d)
List of the collected evidence
Collection of evidence
Preservation of evidence
Initial evaluation of the evidence
Investigative techniques
Analysis of the computer evidence
Relevant findings
Supporting expert opinion
Other supporting details:
• Attacker methodology
• User applications
• Internet activity
• Recommendations
Report Format Specifications
PDF is the preferred format for digital reports
Do not file a report directly with the court
Definition of the goal or mission is a must
The order of writing should match the development of the case
Use of an outline or arrangement is suggested
Keep a copy of the report
Report Classification
Verbal formal report
• A structured verbal report delivered to a board of directors/managers/panel of jury under oath
Verbal informal report
• A verbal report that is less structured than a formal report and is delivered in person, usually in an attorney’s office or police station
Written formal report
• A written report sworn under oath, such as an affidavit or declaration
Written informal report
• An informal or preliminary report in written form
Layout of an Investigative Report
You can choose the numbering structure from two layout systems:
• Decimal numbering system
• Legal-sequential numbering system
Include signposts:
• To clearly communicate the information
• To draw the reader’s attention to a point
Present the text accurately
Maintain a proper document style throughout the text
Layout of an Investigative Report (cont’d)
Provide supporting material
• Figures, tables, data, and equations
Explain methods
• How you have studied the problem
Include data collection
Layout of an Investigative Report: Numbering
Decimal numbering structure
• Divides the text into sections
• Readers can scan the heading
• Readers can identify how the parts relate to each other
Legal-sequential numbering
• Used in pleadings
• Roman numerals represent major aspects
• Arabic numbers are supporting information
Guidelines for Writing a Report
Avoid jargon, slang, or colloquial terms
Define acronyms and abbreviations
Check grammar and spelling
Writing should be concise
Do not make any assumptions
Do not identify any leads
Double-check media findings
Write theoretical questions based on factual evidence
Report must support your opinion
Write opinions based on knowledge and experience
Use of Supporting Material
Use figures, tables, data, and equations as supporting material
Number figures and tables in the same order as they are introduced in the report
Provide captions with complete information
Insert figures and tables after the paragraph
Importance of Consistency
The sections in the report format must be adjusted in the same way
Consistency is more important than exact format in a report
Establish a template for writing reports
Salient Features of a Good Report
Explains methods of investigations
Data collection
Includes calculations
Provides for uncertainty and error analysis
Explains results
Discusses results and conclusions
Provides references
Includes appendices
Provides acknowledgements
Aspects of a Good Report
A good report achieves its purpose by answering the questions that were set out in the mandate for the investigator
It is designed to meet the needs of the decision-maker
A decision-maker must rely on the facts that were presented in the report
The facts must be based on the evidence in the file
It must be clear and written in neutral language so that the decision-maker and other readers will be able to understand it
It should be concise and must convey the necessary information
It should be structured in such a way that information can be located easily
Investigative Report Format
Get samples of already established report format
Estimate objectivity
Document the findings in an unbiased and accurate manner
Address the identification and continuity of the evidence
Include any relevant extracts referred to in the report that support the analysis or conclusions
Attachments and Appendices
Use attachments or appendices as a supplement to the report
Attachments and appendices can be used to further detail any terminology, findings, or recommendations presented in the report
You can provide the reference to attachments or appendices when the report has more content
Include Metadata
Two types of file metadata can be used in the forensic investigation:
• System metadata can be used to identify the change in file location
• Application metadata can be used to identify the change in document author, document version, macros, email “to,” “from,” “subject,” etc.
Metadata is information about the file which includes who created a file and time/date stamps
The significance of metadata is based on the properties of the file type
During analysis, the expert needs to work with the mirror image to avoid altering metadata
Signature Analysis
Signature analysis verifies file signatures to determine whether any files have been renamed
It identifies the difference between a file extension and the file header
It can be used for making hash sets for file filtering
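The header-versus-extension check described on this slide, as an added Python example that is not part of the EC-Council slides. The signature table, function names and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Magic bytes at offset 0 -> (format name, extensions normally used for it).
# A deliberately small, illustrative table; forensic suites ship far larger ones.
SIGNATURES = [
    (b"\xff\xd8\xff", "JPEG", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "PNG", {".png"}),
    (b"GIF87a", "GIF", {".gif"}),
    (b"GIF89a", "GIF", {".gif"}),
    (b"%PDF-", "PDF", {".pdf"}),
    (b"PK\x03\x04", "ZIP container", {".zip", ".docx", ".xlsx", ".pptx"}),
    (b"MZ", "Windows executable", {".exe", ".dll"}),
]
HEADER_LEN = max(len(magic) for magic, _, _ in SIGNATURES)
CLAIMED_EXTS = set().union(*(exts for _, _, exts in SIGNATURES))


def identify(header):
    """Return (format name, expected extensions) for a header, or (None, set())."""
    for magic, name, exts in SIGNATURES:
        if header.startswith(magic):
            return name, exts
    return None, set()


def analyze_file(path):
    """Compare one file's header with its extension and hash its content.

    The file is opened read-only, so the working copy is not modified.
    """
    path = Path(path)
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        header = fh.read(HEADER_LEN)
        digest.update(header)
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    detected, expected = identify(header)
    ext = path.suffix.lower()
    if detected is not None:
        status = "match" if ext in expected else "mismatch"
    elif ext in CLAIMED_EXTS:
        # Extension promises a known format, but the header does not show it.
        status = "mismatch"
    else:
        status = "unknown"
    return {"name": path.name, "extension": ext, "detected": detected,
            "status": status, "sha256": digest.hexdigest()}


def scan(directory):
    """Analyze every regular file under a directory, sorted by path."""
    files = sorted(p for p in Path(directory).rglob("*") if p.is_file())
    return [analyze_file(p) for p in files]


def hash_set(findings, status):
    """SHA-256 values of all findings with the given status, for later filtering."""
    return {f["sha256"] for f in findings if f["status"] == status}


# Constructed sample content (not real evidence): file name -> bytes.
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "invoice.pdf": b"%PDF-1.4\n% constructed sample\n",
    "notes.txt": b"plain text has no fixed signature\n",
    "vacation.jpg": b"MZ" + b"\x00" * 32,           # executable header, image extension
    "report.pdf": b"just text, renamed to .pdf\n",  # claims PDF, no PDF header
    "empty.png": b"",                               # zero-length file
}


def make_samples(directory):
    """Write the constructed samples into a directory and return it."""
    directory = Path(directory)
    for name, data in SAMPLES.items():
        (directory / name).write_bytes(data)
    return directory


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in scan(make_samples(tmp)):
            print(f"{f['name']:<14}{f['status']:<10}"
                  f"{f['detected'] or '-':<20}{f['sha256'][:16]}")
```

Files reported as `mismatch` are the ones to list in the report's signature analysis findings, and `hash_set(findings, "mismatch")` gives the hash set for filtering the same content elsewhere.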
Sample Forensic Report
The report identifies the continuity of the information and describes the procedures utilized during:
• Investigation
• Concise summary of conclusions
• Observations
• All appropriate recommendations
Sample Report
Investigation Procedures
General evidence
• The date and time the investigator visited the site of the incident
• The person with whom the investigator spoke at that site
Collecting physical and demonstrative evidence
Testimonial evidence
Collecting Physical and Demonstrative Evidence
The manner in which the scene of the incident, if any, was secured
A list of each piece of physical evidence that was collected
The manner in which the physical evidence was collected and logged
The manner in which the physical evidence was preserved after collection in order to maintain the chain of custody
A list of any pictures that were taken
A list of any other demonstrative evidence available to the investigation, e.g. diagrams, maps, floor plans, and x-rays
Collecting Testimonial Evidence
The way in which the investigator determined whom to interview
A list of all persons interviewed in chronological order, including title, date, and time of each interview
The person or persons, if any, as the target or targets of the case
The way in which the investigator afforded the target or other witnesses any right to representation, if such rights exist by labor contract, law, or regulation
Interviews without the writer’s statement
Do’s and Don’ts of Forensic Computer Investigations
Ask questions
Document thoroughly
Operate in good faith
Do not get in over your head
Make the decision to investigate
Treat everything as confidential
File it
Case Report Writing and Documentation
Document the entire computer media analysis and conclusions in the “Investigative Analysis Report”
Identify any files pertinent to the investigation and print them for inclusion as attachments to the analysis report
Create a Report to Attach to the Media Analysis Worksheet
Keep notes on:
• Date and time of the evidence CPU
• Current date and time (include appropriate time zone)
• Significant problems/broken items
• Lapses in analysis
• Finding evidence
• Special techniques required beyond normal processes (e.g., password cracker)
• Outside sources (e.g., commercial companies that provide assistance and information by trained CCIs over Computer Forensic Investigators)
Best Practices for Investigators
Before submitting the report, read it again
• It gives a clear view of where you need to make changes
Anyone new to the situation should be able to understand the report
While revising the report, ensure that it is coherent, not repetitive, and presents information in the right place
Ensure that the report corresponds to the mandate
Writing Report Using FTK
Writing Report Using FTK (cont’d)
Final Report
Summary
Investigative reports are critical during investigations because they communicate computer forensics findings and other information to the necessary authorities
Reports can be formal or informal, verbal or written
Reports need to be error free
Avoid jargon, slang, or colloquial terms
  • 2. News: Dubai Fund Boss Faces Investigation-Reports
      Source: http://www.reuters.com/
  • 3. News: Market Investigation Report on China’s Tyre Industry, 2008 out Now
      Source: http://www.marketwatch.com/
  • 4. Module Objective
      This module will familiarize you with:
      • Need of an investigative report
      • Report specifications
      • Report classification
      • Layout of an investigative report
      • Guidelines for writing a report
      • Use of the supporting material
      • Importance of consistency
      • Salient features of a good report
      • Investigative report format
      • Sample forensic report
      • Best Practices for Investigators
      • Writing report using FTK
  • 5. Module Flow
      • Need of an Investigative Report
      • Report Specifications
      • Report Classification
      • Layout of an Investigative Report
      • Guidelines for Writing a Report
      • Use of Supporting Material
      • Importance of Consistency
      • Salient features of a good Report
      • Investigative Report Format
      • Sample Forensic Report
      • Best practices for Investigators
      • Writing Report using FTK
  • 6. Computer Forensic Report
      A computer forensic report provides detailed information on the complete computer forensics investigation process.
      An investigative report should:
      • Explain how the incident occurred
      • Be technically sound and clear to understand
      • Be properly formatted with page and paragraph numbers for easy referencing
      • Provide unambiguous conclusions, opinions, and recommendations supported by figures and facts
      • Adhere to the local laws of the land to be admissible in courts
      • Be submitted in a timely manner
  • 7. Computer Forensics Report Template
      Objectives
      Date and time the incident allegedly occurred
      Date and time the incident was reported to agency personnel
      Name of the person or persons reporting the incident
      Date and time the investigation was assigned
      Nature of claim and information provided to the investigator
      Location of evidence
      Summary:
      • Case Number
      • Name and social security number of the author, investigators, and examiners
      • Why was the investigation undertaken?
      • List significant findings
      • Signatures analysis
  • 8. Computer Forensics Report Template (cont’d)
      List of the collected evidence
      Collection of evidence
      Preservation of evidence
      Initial evaluation of the evidence
      Investigative techniques
      Analysis of the computer evidence
      Relevant findings
      Supporting expert opinion
      Other supporting details:
      • Attacker methodology
      • User applications
      • Internet activity
      • Recommendations
  • 9. Report Format Specifications
      • PDF is the preferred format for digital reports
      • Do not file a report directly with the court
      • Definition of the goal or mission is a must
      • Order of writing should match the development of the case
      • Use of an outline or arrangement is suggested
      • Keep a copy of the report
  • 10. Report Classification
      • Verbal formal report: A structured verbal report delivered to a board of directors/managers/panel of jury under oath
      • Verbal informal report: A verbal report that is less structured than a formal report and is delivered in person, usually in an attorney’s office or police station
      • Written formal report: A written report sworn under oath, such as an affidavit or declaration
      • Written informal report: An informal or preliminary report in written form
  • 11. Layout of an Investigative Report
      You can choose the numbering structure from two layout systems:
      • Decimal numbering system
      • Legal-sequential numbering system
      Include signposts:
      • To clearly communicate the information
      • To draw the reader’s attention to a point
      Present the text accurately
      Maintain a proper document style throughout the text
  • 12. Layout of an Investigative Report (cont’d)
      Provide supporting material
      • Figures, tables, data, and equations
      Explain methods
      • How you have studied the problem
      Include data collection
  • 13. Layout of an Investigative Report: Numbering
      Decimal numbering structure
      • Divides the text into sections
      • Readers can scan the heading
      • Readers can identify how the parts relate to each other
      Legal-sequential numbering
      • Used in pleadings
      • Roman numerals represent major aspects
      • Arabic numbers are supporting information
  • 14. Guidelines for Writing a Report
      • Avoid jargon, slang, or colloquial terms
      • Define acronyms and abbreviations
      • Check grammar and spelling
      • Writing should be concise
      • Do not make any assumptions
      • Do not identify any leads
      • Double-check media findings
      • Write theoretical questions based on factual evidence
      • Report must support your opinion
      • Write opinions based on knowledge and experience
  • 15. Use of Supporting Material
      • Use figures, tables, data, and equations as supporting material
      • Number figures and tables in the same order as they are introduced in the report
      • Provide captions with complete information
      • Insert figures and tables after the paragraph
  • 16. Importance of Consistency
      • The sections in the report format must be adjusted in the same way
      • Consistency is more important than exact format in a report
      • Establish a template for writing reports
  • 17. Salient Features of a Good Report
      • Explains methods of investigations
      • Data collection
      • Includes calculations
      • Provides for uncertainty and error analysis
      • Explains results
      • Discusses results and conclusions
      • Provides references
      • Includes appendices
      • Provides acknowledgements
  • 18. Aspects of a Good Report
      • A good report achieves its purpose by answering the questions that were set out in the mandate for the investigator
      • It is designed to meet the needs of the decision-maker
      • A decision-maker must rely on the facts that were presented in the report
      • The facts must be based on the evidence in the file
      • It must be clear and written in neutral language so that the decision-maker and other readers will be able to understand it
      • It should be concise and must convey the necessary information
      • It should be structured in such a way that information can be located easily
  • 19. Investigative Report Format
      • Get samples of already established report formats
      • Estimate objectivity
      • Document the findings in an unbiased and accurate manner
      • Address the identification and continuity of the evidence
      • Include any relevant extracts referred to in the report that support the analysis or conclusions
  • 20. Attachments and Appendices
      • Use attachments or appendices as a supplement to the report
      • Attachments and appendices can be used to further detail any terminology, findings, or recommendations presented in the report
      • You can provide the reference to attachments or appendices when the report has more content
  • 21. Include Metadata
      Metadata is information about the file, which includes who created the file and time/date stamps
      Two types of file metadata can be used in the forensic investigation:
      • System metadata can be used to identify the change in file location
      • Application metadata can be used to identify the change in document author, document version, macros, email “to,” “from,” “subject,” etc.
      The significance of metadata is based on the properties of the file type
      During analysis, the expert needs to work with the mirror image to avoid altering metadata
  • 22. Signature Analysis
      • Signature analysis verifies the file signature to find out whether any files have been renamed
      • It identifies the difference between a file extension and the file header
      • It can be used for making hash sets for file filtering
  • 23. Sample Forensic Report
      The report identifies the continuity of the information and describes the procedures utilized during:
      • Investigation
      • Concise summary of conclusions
      • Observations
      • All appropriate recommendations
  • 24. Sample Report
  • 25. Sample Report (cont’d)
  • 26. Sample Report (cont’d)
  • 27. Sample Report (cont’d)
  • 28. Sample Report (cont’d)
  • 29. Sample Report (cont’d)
  • 30. Sample Report (cont’d)
  • 31. Investigation Procedures
      General evidence
      • The date and time the investigator visited the site of the incident
      • The person with whom the investigator spoke at that site
      Collecting physical and demonstrative evidence
      Testimonial evidence
  • 32. Collecting Physical and Demonstrative Evidence
      • The manner in which the scene of the incident, if any, was secured
      • A list of each piece of physical evidence that was collected
      • The manner in which the physical evidence was collected and logged
      • The manner in which the physical evidence was preserved after collection in order to maintain the chain of custody
      • A list of any pictures that were taken
      • A list of any other demonstrative evidence available to the investigation, e.g. diagrams, maps, floor plans, and x-rays
  • 33. Collecting Testimonial Evidence
      • The way in which the investigator determined whom to interview
      • A list of all persons interviewed in chronological order, including title, date, and time of each interview
      • The person or persons, if any, as the target or targets of the case
      • The way in which the investigator afforded the target or other witnesses any right to representation, if such rights exist by labor contract, law, or regulation
      • Interviews without the writer’s statement
  • 34. Do’s and Don'ts of Forensic Computer Investigations
      • Ask questions
      • Document thoroughly
      • Operate in good faith
      • Do not get in over your head
      • Make the decision to investigate
      • Treat everything as confidential
      • File it
  • 35. Case Report Writing and Documentation
      • Document the entire computer media analysis and conclusions in the “Investigative Analysis Report”
      • Identify any files pertinent to the investigation and print them for inclusion as attachments to the analysis report
  • 36. Create a Report to Attach to the Media Analysis Worksheet
      Keep notes on:
      • Date and time of the evidence CPU
      • Current date and time (include appropriate time zone)
      • Significant problems/broken items
      • Lapses in analysis
      • Finding evidence
      • Special techniques required beyond normal processes (e.g., password cracker)
      • Outside sources (e.g., commercial companies that provide assistance and information by trained CCIs over Computer Forensic Investigators)
  • 37. Best Practices for Investigators
      Before submitting the report, read it again
      • It gives a clear view of where you need to make changes
      Anyone new to the situation should be able to understand the report
      While revising the report, ensure that it is coherent, not repetitive, and presents information in the right place
      Ensure that the report corresponds to the mandate
  • 38. Writing Report Using FTK
  • 39. Writing Report Using FTK (cont’d)
  • 40. Writing Report Using FTK (cont’d)
  • 41. Writing Report Using FTK (cont’d)
  • 42. Writing Report Using FTK (cont’d)
  • 43. Writing Report Using FTK (cont’d)
  • 44. Writing Report Using FTK (cont’d)
  • 45. Writing Report Using FTK (cont’d): Final Report
  • 46. Summary
      • Investigative reports are critical during investigations because they communicate computer forensics findings and other information to the necessary authorities
      • Reports can be formal or informal, verbal or written
      • Reports need to be error free
      • Avoid jargon, slang, or colloquial terms
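
The signature analysis described in slide 22 (comparing a file's extension with its header to spot renamed files, then building a hash set for filtering) can be sketched as follows. This is an added example, not part of the original slides or of FTK; the signature table is a small subset of well-known headers, and the file names, sample bytes and the `mismatch_hash_set` helper are constructed assumptions.

```python
import hashlib
import os

# Well-known file headers (magic bytes) and the extensions normally used
# with them. A production tool ships a much larger table.
SIGNATURES = [
    (b"\xFF\xD8\xFF", "JPEG image", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "PNG image", {".png"}),
    (b"%PDF-", "PDF document", {".pdf"}),
    (b"PK\x03\x04", "ZIP container", {".zip", ".docx", ".xlsx", ".pptx"}),
    (b"MZ", "Windows executable", {".exe", ".dll", ".sys"}),
]

def identify(header: bytes):
    """Return (description, expected extensions) for a known header, else None."""
    for magic, description, extensions in SIGNATURES:
        if header.startswith(magic):
            return description, extensions
    return None

def analyse(name: str, content: bytes) -> dict:
    """Compare the extension with the header and hash the full content."""
    ext = os.path.splitext(name)[1].lower()
    hit = identify(content[:16])
    if hit is None:
        detected, status = None, "unknown"      # header not in the table
    else:
        detected, extensions = hit
        status = "match" if ext in extensions else "mismatch"
    return {"name": name, "extension": ext, "detected": detected,
            "status": status, "sha256": hashlib.sha256(content).hexdigest()}

def mismatch_hash_set(results) -> set:
    """Hash set of files whose header disagrees with their extension."""
    return {r["sha256"] for r in results if r["status"] == "mismatch"}

# Constructed sample files (name -> leading bytes); not real evidence.
SAMPLES = {
    "holiday.jpg": b"\xFF\xD8\xFF\xE0\x00\x10JFIF\x00" + b"\x00" * 8,
    "invoice.pdf": b"%PDF-1.4\n%constructed sample\n",
    "notes.txt": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8,  # renamed executable
    "budget.xlsx": b"PK\x03\x04\x14\x00\x06\x00",
    "readme.md": b"# constructed plain text\n",
}

def run(samples=SAMPLES):
    """Analyse every sample in name order."""
    return [analyse(name, data) for name, data in sorted(samples.items())]

if __name__ == "__main__":
    results = run()
    for r in results:
        print(f'{r["name"]:<12} {r["status"]:<9} {r["detected"] or "-"}')
    print("hash set of mismatches:", mismatch_hash_set(results))
```

Run against a mirror image rather than the original media, in line with slide 21, so that reading the files does not alter their metadata.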