SlideShare une entreprise Scribd logo

CNIT 121: 16 Report Writing

Sam Bowne
Sam Bowne

Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia. Teacher: Sam Bowne Twitter: @sambowne Website: https://samsclass.info/121/121_F16.shtml

Formation
1  sur  22
Télécharger pour lire hors ligne
CNIT 121: Computer Forensics Ch 16: Report Writing
Why Write Reports? • Legal or policy requirements • Recommended anyway whenever you analyze evidence or respond to an incident • Writing a report also organizes your thoughts and improves accuracy • Also preserves lessons learned
When Not to Write • Legal concerns about discovery • The deliverable is a verbal report • Make sure legal staff know your standard documentation procedures • Label interim reports "DRAFT" • So later changes don't look like incompetence or deceit
Reporting Standards • Focused -- answer relevant questions • Main Q&A should be easily found; reader should not have to put together information from different parts of the report • Understandable -- consider your audience • Executive summary is for CEO or CSO; not technical hands-on staff
Reporting Standards • Stick to the facts • Avoid terms or phrases that can easily be misinterpreted or are subjective • Double-check facts • Do not mingle facts and opinion • Timely • Begin documenting before you finish investigating
Reporting Standards • Reproducible • Explain what you did thoroughly enough that another forensic examiner can reproduce your findings
Report Style and Formatting • Focused, accurate, and concise • Clearly answer the questions that were asked • In as few words a possible • Write in active voice • "The attacker stole the data", not "The data was stolen by the attacker"
• Past tense • Use concise sentences • Fewer than 30 word • Be specific • Avoid vague terms like "numerous", "several", or ",many" • State the exact number Report Style and Formatting
• State what you did, not what you couldn't do • You'll sound incompetent if you say you tried and failed to do something • Explain why, like "the operating system reused the deleted file's space, making the deleted file unrecoverable" • Use transitions • Say what you are about to say, say it, and then summarize what you said Report Style and Formatting
• Use acronyms correctly • Spell them out the first time you use them • Check to make sure you have the names exactly correct • Avoid jargon and ambiguous words • "Exfiltrate" is jargon; use "data theft" instead • "Compromised" is vague: say exactly what happened Report Style and Formatting
• Use names consistently • Choose "system" or "host" or "node" and stick with it • Avoid informal language • "Examined", not "checked out" • Clearly identify opinion • Support opinions with facts • Unsupported opinions don't belong in forensic reports Report Style and Formatting
Expert Witness • Only expert witnesses can state opinions that will be treated as evidence in court • You must meet qualifications established in court • An impressive resume is important • Examiners who are not expert witnesses should state only facts, not opinions • You may need to hire a consultant to act as an expert
Formatting Standards • Use consistent font and spacing • Dates and times -- be consistent • Never use 05/05/05 because it's ambiguous • "January 28, 2012" is better • 24-hour UTC time is best, not local time
• Standardize metadata reporting • Filename, timestamps, path, MD5, etc. • Should be in the same format every time • Use captions and references • In Microsoft Word Formatting Standards
• Use tables and figures appropriately • Often the most effective way to present information • Be consistent with font, borders, and shading • Include captions, and reference the captions in the narrative • Use bulleted and numbered lists when appropriate Formatting Standards
Report Content and Organization • Develop templates for each type of report • Overall incident • General analysis • Malware analysis
• Title page and table of contents • Organization investigated, incident number or name, date, investigating organization • May be marked "Privileged and confidential" • Background • How the incident was discovered, what response was, goals of investigation • Two paragraphs long Incident Report
• Findings • Goals of investigation in a very clear and brief manner • Part of the executive summary • No more than a page long • Recommendations • Short-term and long-term Incident Report
• Mid-level sections • Findings from individual analysis reports are aggregated, interpreted, and summarized • Individual analysis reports • Full reports, such as forensics, live response, and malware • Foundation for all findings in the incident report Incident Report
• Appendices • Long listings, log files, file listings • Tables or figures that take more than one page Incident Report
• Title page and table of contents • Background • Findings • Evidence examined • Timelines • Analysis details • Appendices Analysis Report
Quality Assurance • QA review or "peer review" • Report is examined for compliance with style, formatting, content, and technical accuracy • Reviewer cannot be someone who wrote the report • Check file metadata to make sure information from one report doesn't leak into another • Link Ch 14j

Recommandé

CNIT 121: 11 Analysis Methodology
CNIT 121: 11 Analysis MethodologyCNIT 121: 11 Analysis Methodology
CNIT 121: 11 Analysis MethodologySam Bowne
 
CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)Sam Bowne
 
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...Sam Bowne
 
CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationSam Bowne
 
CNIT 121: 2 IR Management Handbook
CNIT 121: 2 IR Management HandbookCNIT 121: 2 IR Management Handbook
CNIT 121: 2 IR Management HandbookSam Bowne
 
CNIT 152: 6 Scoping & 7 Live Data Collection
CNIT 152: 6 Scoping & 7 Live Data CollectionCNIT 152: 6 Scoping & 7 Live Data Collection
CNIT 152: 6 Scoping & 7 Live Data CollectionSam Bowne
 
CNIT 152 11 Analysis Methodology
CNIT 152 11 Analysis MethodologyCNIT 152 11 Analysis Methodology
CNIT 152 11 Analysis MethodologySam Bowne
 
CNIT 121: 13 Investigating Mac OS X Systems
CNIT 121: 13 Investigating Mac OS X SystemsCNIT 121: 13 Investigating Mac OS X Systems
CNIT 121: 13 Investigating Mac OS X SystemsSam Bowne
 

Recommandé

CNIT 121: 11 Analysis Methodology
CNIT 121: 11 Analysis MethodologyCNIT 121: 11 Analysis Methodology
CNIT 121: 11 Analysis MethodologySam Bowne
 
CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)Sam Bowne
 
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...Sam Bowne
 
CNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationCNIT 152: 3 Pre-Incident Preparation
CNIT 152: 3 Pre-Incident PreparationSam Bowne
 
CNIT 121: 2 IR Management Handbook
CNIT 121: 2 IR Management HandbookCNIT 121: 2 IR Management Handbook
CNIT 121: 2 IR Management HandbookSam Bowne
 
CNIT 152: 6 Scoping & 7 Live Data Collection
CNIT 152: 6 Scoping & 7 Live Data CollectionCNIT 152: 6 Scoping & 7 Live Data Collection
CNIT 152: 6 Scoping & 7 Live Data CollectionSam Bowne
 
CNIT 152 11 Analysis Methodology
CNIT 152 11 Analysis MethodologyCNIT 152 11 Analysis Methodology
CNIT 152 11 Analysis MethodologySam Bowne
 
CNIT 121: 13 Investigating Mac OS X Systems
CNIT 121: 13 Investigating Mac OS X SystemsCNIT 121: 13 Investigating Mac OS X Systems
CNIT 121: 13 Investigating Mac OS X SystemsSam Bowne
 
CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsSam Bowne
 
CNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsCNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsSam Bowne
 
CNIT 152: 4 Starting the Investigation & 5 Leads
CNIT 152: 4 Starting the Investigation & 5 LeadsCNIT 152: 4 Starting the Investigation & 5 Leads
CNIT 152: 4 Starting the Investigation & 5 LeadsSam Bowne
 
CNIT 121: Computer Forensics Ch 1
CNIT 121: Computer Forensics Ch 1CNIT 121: Computer Forensics Ch 1
CNIT 121: Computer Forensics Ch 1Sam Bowne
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence Sam Bowne
 
CNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and TestingCNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and TestingSam Bowne
 
3. Security Engineering
3. Security Engineering3. Security Engineering
3. Security EngineeringSam Bowne
 
7. Security Operations
7. Security Operations7. Security Operations
7. Security OperationsSam Bowne
 
CNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceCNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceSam Bowne
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)Sam Bowne
 
CNIT 121: 12 Investigating Windows Systems (Part 3)
CNIT 121: 12 Investigating Windows Systems (Part 3)CNIT 121: 12 Investigating Windows Systems (Part 3)
CNIT 121: 12 Investigating Windows Systems (Part 3)Sam Bowne
 
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data Collection
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data CollectionCNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data Collection
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data CollectionSam Bowne
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationSam Bowne
 
CISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and TestingCISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and TestingSam Bowne
 
CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementSam Bowne
 
CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsSam Bowne
 
CNIT 125: Ch 4. Security Engineering (Part 1)
CNIT 125: Ch 4. Security Engineering (Part 1)CNIT 125: Ch 4. Security Engineering (Part 1)
CNIT 125: Ch 4. Security Engineering (Part 1)Sam Bowne
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationSam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)Sam Bowne
 
CNIT 127 Ch 3: Shellcode
CNIT 127 Ch 3: ShellcodeCNIT 127 Ch 3: Shellcode
CNIT 127 Ch 3: ShellcodeSam Bowne
 

Contenu connexe

Tendances

CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsSam Bowne
 
CNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsCNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsSam Bowne
 
CNIT 152: 4 Starting the Investigation & 5 Leads
CNIT 152: 4 Starting the Investigation & 5 LeadsCNIT 152: 4 Starting the Investigation & 5 Leads
CNIT 152: 4 Starting the Investigation & 5 LeadsSam Bowne
 
CNIT 121: Computer Forensics Ch 1
CNIT 121: Computer Forensics Ch 1CNIT 121: Computer Forensics Ch 1
CNIT 121: Computer Forensics Ch 1Sam Bowne
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence Sam Bowne
 
CNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and TestingCNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and TestingSam Bowne
 
3. Security Engineering
3. Security Engineering3. Security Engineering
3. Security EngineeringSam Bowne
 
7. Security Operations
7. Security Operations7. Security Operations
7. Security OperationsSam Bowne
 
CNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceCNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceSam Bowne
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)Sam Bowne
 
CNIT 121: 12 Investigating Windows Systems (Part 3)
CNIT 121: 12 Investigating Windows Systems (Part 3)CNIT 121: 12 Investigating Windows Systems (Part 3)
CNIT 121: 12 Investigating Windows Systems (Part 3)Sam Bowne
 
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data Collection
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data CollectionCNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data Collection
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data CollectionSam Bowne
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationSam Bowne
 
CISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and TestingCISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and TestingSam Bowne
 
CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementSam Bowne
 
CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsSam Bowne
 
CNIT 125: Ch 4. Security Engineering (Part 1)
CNIT 125: Ch 4. Security Engineering (Part 1)CNIT 125: Ch 4. Security Engineering (Part 1)
CNIT 125: Ch 4. Security Engineering (Part 1)Sam Bowne
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationSam Bowne
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)Sam Bowne
 

Tendances (20)

CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World Incidents
 
CNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsCNIT 50: 9. NSM Operations
CNIT 50: 9. NSM Operations
 
CNIT 152: 4 Starting the Investigation & 5 Leads
CNIT 152: 4 Starting the Investigation & 5 LeadsCNIT 152: 4 Starting the Investigation & 5 Leads
CNIT 152: 4 Starting the Investigation & 5 Leads
 
CNIT 121: Computer Forensics Ch 1
CNIT 121: Computer Forensics Ch 1CNIT 121: Computer Forensics Ch 1
CNIT 121: Computer Forensics Ch 1
 
CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence CNIT 152: 9 Network Evidence
CNIT 152: 9 Network Evidence
 
CNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and TestingCNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and Testing
 
3. Security Engineering
3. Security Engineering3. Security Engineering
3. Security Engineering
 
7. Security Operations
7. Security Operations7. Security Operations
7. Security Operations
 
CNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceCNIT 121: 9 Network Evidence
CNIT 121: 9 Network Evidence
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
 
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
CNIT 121: 12 Investigating Windows Systems (Part 1 of 3)
 
CNIT 121: 12 Investigating Windows Systems (Part 3)
CNIT 121: 12 Investigating Windows Systems (Part 3)CNIT 121: 12 Investigating Windows Systems (Part 3)
CNIT 121: 12 Investigating Windows Systems (Part 3)
 
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data Collection
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data CollectionCNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data Collection
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data Collection
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
 
CISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and TestingCISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and Testing
 
CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access Management
 
CNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World IncidentsCNIT 152: 1 Real-World Incidents
CNIT 152: 1 Real-World Incidents
 
CNIT 125: Ch 4. Security Engineering (Part 1)
CNIT 125: Ch 4. Security Engineering (Part 1)CNIT 125: Ch 4. Security Engineering (Part 1)
CNIT 125: Ch 4. Security Engineering (Part 1)
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic Duplication
 
CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)CNIT 125: Ch 2. Security and Risk Management (Part 2)
CNIT 125: Ch 2. Security and Risk Management (Part 2)
 

En vedette

CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)Sam Bowne
 
CNIT 127 Ch 3: Shellcode
CNIT 127 Ch 3: ShellcodeCNIT 127 Ch 3: Shellcode
CNIT 127 Ch 3: ShellcodeSam Bowne
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)Sam Bowne
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksSam Bowne
 
CISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementCISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementSam Bowne
 
CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)Sam Bowne
 
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
CISSP Prep: Ch 5. Communication and Network Security (Part 1)CISSP Prep: Ch 5. Communication and Network Security (Part 1)
CISSP Prep: Ch 5. Communication and Network Security (Part 1)Sam Bowne
 
CNIT 127: Ch 8: Windows overflows (Part 2)
CNIT 127: Ch 8: Windows overflows (Part 2)CNIT 127: Ch 8: Windows overflows (Part 2)
CNIT 127: Ch 8: Windows overflows (Part 2)Sam Bowne
 
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)Sam Bowne
 
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesCISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesSam Bowne
 
CNIT 127 14: Protection Mechanisms
CNIT 127 14: Protection MechanismsCNIT 127 14: Protection Mechanisms
CNIT 127 14: Protection MechanismsSam Bowne
 
CNIT 126 5: IDA Pro
CNIT 126 5: IDA Pro CNIT 126 5: IDA Pro
CNIT 126 5: IDA Pro Sam Bowne
 
CISSP Prep: Ch 3. Asset Security
CISSP Prep: Ch 3. Asset SecurityCISSP Prep: Ch 3. Asset Security
CISSP Prep: Ch 3. Asset SecuritySam Bowne
 
CNIT 121: 14 Investigating Applications
CNIT 121: 14 Investigating ApplicationsCNIT 121: 14 Investigating Applications
CNIT 121: 14 Investigating ApplicationsSam Bowne
 
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)Sam Bowne
 
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationiOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationLacoon Mobile Security
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)Sam Bowne
 
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3)CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3)Sam Bowne
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringSam Bowne
 
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruption
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruptionCNIT 40: 5: Prevention, protection, and mitigation of DNS service disruption
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruptionSam Bowne
 

En vedette (20)

CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
CNIT 128 Ch 6: Mobile services and mobile Web (part 2: SAML to end)
 
CNIT 127 Ch 3: Shellcode
CNIT 127 Ch 3: ShellcodeCNIT 127 Ch 3: Shellcode
CNIT 127 Ch 3: Shellcode
 
CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)CISSP Prep: Ch 4. Security Engineering (Part 2)
CISSP Prep: Ch 4. Security Engineering (Part 2)
 
CNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer AttacksCNIT 123: Ch 3: Network and Computer Attacks
CNIT 123: Ch 3: Network and Computer Attacks
 
CISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementCISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access Management
 
CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)CISSP Prep: Ch 4. Security Engineering (Part 1)
CISSP Prep: Ch 4. Security Engineering (Part 1)
 
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
CISSP Prep: Ch 5. Communication and Network Security (Part 1)CISSP Prep: Ch 5. Communication and Network Security (Part 1)
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
 
CNIT 127: Ch 8: Windows overflows (Part 2)
CNIT 127: Ch 8: Windows overflows (Part 2)CNIT 127: Ch 8: Windows overflows (Part 2)
CNIT 127: Ch 8: Windows overflows (Part 2)
 
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
 
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and PoliciesCISSP Prep: Ch 1: Security Governance Through Principles and Policies
CISSP Prep: Ch 1: Security Governance Through Principles and Policies
 
CNIT 127 14: Protection Mechanisms
CNIT 127 14: Protection MechanismsCNIT 127 14: Protection Mechanisms
CNIT 127 14: Protection Mechanisms
 
CNIT 126 5: IDA Pro
CNIT 126 5: IDA Pro CNIT 126 5: IDA Pro
CNIT 126 5: IDA Pro
 
CISSP Prep: Ch 3. Asset Security
CISSP Prep: Ch 3. Asset SecurityCISSP Prep: Ch 3. Asset Security
CISSP Prep: Ch 3. Asset Security
 
CNIT 121: 14 Investigating Applications
CNIT 121: 14 Investigating ApplicationsCNIT 121: 14 Investigating Applications
CNIT 121: 14 Investigating Applications
 
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)
 
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & MitigationiOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 2 of 2)
 
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3)CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 2 of 3)
 
Ch 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social EngineeringCh 4: Footprinting and Social Engineering
Ch 4: Footprinting and Social Engineering
 
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruption
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruptionCNIT 40: 5: Prevention, protection, and mitigation of DNS service disruption
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruption
 

Similaire à CNIT 121: 16 Report Writing

Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6sabtolinux
 
Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6sabtolinux
 
Preparing informative and influential report
Preparing informative and influential reportPreparing informative and influential report
Preparing informative and influential reportJubayer Alam Shoikat
 
Business Research Report | Presentation | Business Communication | Walli Butt
Business Research Report | Presentation | Business Communication | Walli ButtBusiness Research Report | Presentation | Business Communication | Walli Butt
Business Research Report | Presentation | Business Communication | Walli ButtWalliTech
 
Investigation Report Writing: A Nuts and Bolts Approach
Investigation Report Writing: A Nuts and Bolts ApproachInvestigation Report Writing: A Nuts and Bolts Approach
Investigation Report Writing: A Nuts and Bolts ApproachRandall Tam
 
Investigation Report Writing: A Nuts and Bolts Approach
Investigation Report Writing: A Nuts and Bolts ApproachInvestigation Report Writing: A Nuts and Bolts Approach
Investigation Report Writing: A Nuts and Bolts ApproachCase IQ
 
Report Writing (Investigative Report)
Report Writing (Investigative Report)Report Writing (Investigative Report)
Report Writing (Investigative Report)Malik Armughan
 
Effective Investigation Reports - Derek Knights - i-Sight
Effective Investigation Reports - Derek Knights - i-SightEffective Investigation Reports - Derek Knights - i-Sight
Effective Investigation Reports - Derek Knights - i-SightCase IQ
 
Report Writing and Analysis of Data in Forensics
Report Writing and Analysis of Data in ForensicsReport Writing and Analysis of Data in Forensics
Report Writing and Analysis of Data in ForensicsPsychology Pedia
 
Documenting Your Workplace Investigation: Protect Your Case and Your Organiza...
Documenting Your Workplace Investigation: Protect Your Case and Your Organiza...Documenting Your Workplace Investigation: Protect Your Case and Your Organiza...
Documenting Your Workplace Investigation: Protect Your Case and Your Organiza...Case IQ
 
Report Writing - Music Assignment
Report Writing - Music AssignmentReport Writing - Music Assignment
Report Writing - Music AssignmentChristopher Baker
 
Unit 2 forms of technical communication
Unit 2 forms of technical communicationUnit 2 forms of technical communication
Unit 2 forms of technical communicationprachimba
 
Technical Writing for Consultants
Technical Writing for ConsultantsTechnical Writing for Consultants
Technical Writing for ConsultantsDilum Bandara
 
Investigation Guidance
Investigation GuidanceInvestigation Guidance
Investigation GuidanceSarah Gardner
 
Manuscript writing and publication
Manuscript writing and publicationManuscript writing and publication
Manuscript writing and publicationSagad Mohamed
 
Short, Informal Reports
Short, Informal ReportsShort, Informal Reports
Short, Informal Reportsriaz425
 
Technical writing
Technical writingTechnical writing
Technical writings1220104
 
Report writing / types of report / news paper report/
Report writing / types of report / news paper report/Report writing / types of report / news paper report/
Report writing / types of report / news paper report/mubbashar105
 
Writing Qualitative Research Reports PowerPoint
Writing Qualitative Research Reports PowerPointWriting Qualitative Research Reports PowerPoint
Writing Qualitative Research Reports PowerPointCharita Alston
 

Similaire à CNIT 121: 16 Report Writing (20)

Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6
 
Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6
 
Preparing informative and influential report
Preparing informative and influential reportPreparing informative and influential report
Preparing informative and influential report
 
Business Research Report | Presentation | Business Communication | Walli Butt
Business Research Report | Presentation | Business Communication | Walli ButtBusiness Research Report | Presentation | Business Communication | Walli Butt
Business Research Report | Presentation | Business Communication | Walli Butt
 
Investigation Report Writing: A Nuts and Bolts Approach
Investigation Report Writing: A Nuts and Bolts ApproachInvestigation Report Writing: A Nuts and Bolts Approach
Investigation Report Writing: A Nuts and Bolts Approach
 
Investigation Report Writing: A Nuts and Bolts Approach
Investigation Report Writing: A Nuts and Bolts ApproachInvestigation Report Writing: A Nuts and Bolts Approach
Investigation Report Writing: A Nuts and Bolts Approach
 
Report Writing (Investigative Report)
Report Writing (Investigative Report)Report Writing (Investigative Report)
Report Writing (Investigative Report)
 
Effective Investigation Reports - Derek Knights - i-Sight
Effective Investigation Reports - Derek Knights - i-SightEffective Investigation Reports - Derek Knights - i-Sight
Effective Investigation Reports - Derek Knights - i-Sight
 
Report Writing and Analysis of Data in Forensics
Report Writing and Analysis of Data in ForensicsReport Writing and Analysis of Data in Forensics
Report Writing and Analysis of Data in Forensics
 
Documenting Your Workplace Investigation: Protect Your Case and Your Organiza...
Documenting Your Workplace Investigation: Protect Your Case and Your Organiza...Documenting Your Workplace Investigation: Protect Your Case and Your Organiza...
Documenting Your Workplace Investigation: Protect Your Case and Your Organiza...
 
Report Writing - Music Assignment
Report Writing - Music AssignmentReport Writing - Music Assignment
Report Writing - Music Assignment
 
Unit 2 forms of technical communication
Unit 2 forms of technical communicationUnit 2 forms of technical communication
Unit 2 forms of technical communication
 
Technical Writing for Consultants
Technical Writing for ConsultantsTechnical Writing for Consultants
Technical Writing for Consultants
 
Investigation Guidance
Investigation GuidanceInvestigation Guidance
Investigation Guidance
 
Manuscript writing and publication
Manuscript writing and publicationManuscript writing and publication
Manuscript writing and publication
 
15 report writing
15 report writing15 report writing
15 report writing
 
Short, Informal Reports
Short, Informal ReportsShort, Informal Reports
Short, Informal Reports
 
Technical writing
Technical writingTechnical writing
Technical writing
 
Report writing / types of report / news paper report/
Report writing / types of report / news paper report/Report writing / types of report / news paper report/
Report writing / types of report / news paper report/
 
Writing Qualitative Research Reports PowerPoint
Writing Qualitative Research Reports PowerPointWriting Qualitative Research Reports PowerPoint
Writing Qualitative Research Reports PowerPoint
 

Plus de Sam Bowne

3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities Sam Bowne
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development SecuritySam Bowne
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the ApplicationSam Bowne
 
3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)Sam Bowne
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic CurvesSam Bowne
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-HellmanSam Bowne
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1Sam Bowne
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android ApplicationsSam Bowne
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)Sam Bowne
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3Sam Bowne
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard ProblemsSam Bowne
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)Sam Bowne
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis MethodologySam Bowne
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated EncryptionSam Bowne
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)Sam Bowne
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)Sam Bowne
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream CiphersSam Bowne
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data CollectionSam Bowne
 

Plus de Sam Bowne (20)

Cyberwar
CyberwarCyberwar
Cyberwar
 
3: DNS vulnerabilities
3: DNS vulnerabilities 3: DNS vulnerabilities
3: DNS vulnerabilities
 
8. Software Development Security
8. Software Development Security8. Software Development Security
8. Software Development Security
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the Application
 
3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2) 3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)
 
12 Elliptic Curves
12 Elliptic Curves12 Elliptic Curves
12 Elliptic Curves
 
11. Diffie-Hellman
11. Diffie-Hellman11. Diffie-Hellman
11. Diffie-Hellman
 
2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 12a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1
 
9 Writing Secure Android Applications
9 Writing Secure Android Applications9 Writing Secure Android Applications
9 Writing Secure Android Applications
 
12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)
 
10 RSA
10 RSA10 RSA
10 RSA
 
12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 312 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3
 
9. Hard Problems
9. Hard Problems9. Hard Problems
9. Hard Problems
 
8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)
 
11 Analysis Methodology
11 Analysis Methodology11 Analysis Methodology
11 Analysis Methodology
 
8. Authenticated Encryption
8. Authenticated Encryption8. Authenticated Encryption
8. Authenticated Encryption
 
7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)
 
7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)
 
5. Stream Ciphers
5. Stream Ciphers5. Stream Ciphers
5. Stream Ciphers
 
6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection
 

Dernier

How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxCeline George
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jisc
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxPooja Bhuva
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Pooja Bhuva
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsMebane Rash
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...Amil baba
 

Dernier (20)

How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 

CNIT 121: 16 Report Writing

  • 2. Why Write Reports? • Legal or policy requirements • Recommended anyway whenever you analyze evidence or respond to an incident • Writing a report also organizes your thoughts and improves accuracy • Also preserves lessons learned
  • 3. When Not to Write • Legal concerns about discovery • The deliverable is a verbal report • Make sure legal staff know your standard documentation procedures • Label interim reports "DRAFT" • So later changes don't look like incompetence or deceit
  • 4. Reporting Standards • Focused -- answer relevant questions • Main Q&A should be easily found; reader should not have to put together information from different parts of the report • Understandable -- consider your audience • Executive summary is for CEO or CSO; not technical hands-on staff
  • 5. Reporting Standards • Stick to the facts • Avoid terms or phrases that can easily be misinterpreted or are subjective • Double-check facts • Do not mingle facts and opinion • Timely • Begin documenting before you finish investigating
  • 6. Reporting Standards • Reproducible • Explain what you did thoroughly enough that another forensic examiner can reproduce your findings
  • 7. Report Style and Formatting • Focused, accurate, and concise • Clearly answer the questions that were asked • In as few words a possible • Write in active voice • "The attacker stole the data", not "The data was stolen by the attacker"
  • 8. • Past tense • Use concise sentences • Fewer than 30 word • Be specific • Avoid vague terms like "numerous", "several", or ",many" • State the exact number Report Style and Formatting
  • 9. • State what you did, not what you couldn't do • You'll sound incompetent if you say you tried and failed to do something • Explain why, like "the operating system reused the deleted file's space, making the deleted file unrecoverable" • Use transitions • Say what you are about to say, say it, and then summarize what you said Report Style and Formatting
  • 10. • Use acronyms correctly • Spell them out the first time you use them • Check to make sure you have the names exactly correct • Avoid jargon and ambiguous words • "Exfiltrate" is jargon; use "data theft" instead • "Compromised" is vague: say exactly what happened Report Style and Formatting
  • 11. • Use names consistently • Choose "system" or "host" or "node" and stick with it • Avoid informal language • "Examined", not "checked out" • Clearly identify opinion • Support opinions with facts • Unsupported opinions don't belong in forensic reports Report Style and Formatting
  • 12. Expert Witness • Only expert witnesses can state opinions that will be treated as evidence in court • You must meet qualifications established in court • An impressive resume is important • Examiners who are not expert witnesses should state only facts, not opinions • You may need to hire a consultant to act as an expert
  • 13. Formatting Standards • Use consistent font and spacing • Dates and times -- be consistent • Never use 05/05/05 because it's ambiguous • "January 28, 2012" is better • 24-hour UTC time is best, not local time
  • 14. • Standardize metadata reporting • Filename, timestamps, path, MD5, etc. • Should be in the same format every time • Use captions and references • In Microsoft Word Formatting Standards
  • 15. • Use tables and figures appropriately • Often the most effective way to present information • Be consistent with font, borders, and shading • Include captions, and reference the captions in the narrative • Use bulleted and numbered lists when appropriate Formatting Standards
  • 16. Report Content and Organization • Develop templates for each type of report • Overall incident • General analysis • Malware analysis
  • 17. • Title page and table of contents • Organization investigated, incident number or name, date, investigating organization • May be marked "Privileged and confidential" • Background • How the incident was discovered, what response was, goals of investigation • Two paragraphs long Incident Report
  • 18. • Findings • Goals of investigation in a very clear and brief manner • Part of the executive summary • No more than a page long • Recommendations • Short-term and long-term Incident Report
  • 19. • Mid-level sections • Findings from individual analysis reports are aggregated, interpreted, and summarized • Individual analysis reports • Full reports, such as forensics, live response, and malware • Foundation for all findings in the incident report Incident Report
  • 20. • Appendices • Long listings, log files, file listings • Tables or figures that take more than one page Incident Report
  • 21. • Title page and table of contents • Background • Findings • Evidence examined • Timelines • Analysis details • Appendices Analysis Report
  • 22. Quality Assurance • QA review or "peer review" • Report is examined for compliance with style, formatting, content, and technical accuracy • Reviewer cannot be someone who wrote the report • Check file metadata to make sure information from one report doesn't leak into another • Link Ch 14j