Академический Документы
Профессиональный Документы
Культура Документы
Case Summary
Since the report may be quite thick, the case summary will allow the interested parties to
quickly look at the evidence gathered and the conclusions resulting from that data. The
summary is meant to provide the client or court with a snapshot of the facts and evidence
(Solomon, 2009, p 216). This piece would also include a brief background of the case.
Preliminary Examination
Introduce the steps taken to begin the examination of the evidence. Include just the facts
and the procedures undertaken to access any technology. Write clearly and provide any
supporting documentation. Explain the methods used and the results (Solomon, 2009, p 216).
Registry Information
This is information that the operating system logs such as user profiles, software
applications, hardware, files, and other settings.
Image Scans
Any text, object, or image can be scanned and documented in this subcategory.
Results of Virus Scan
Document any executable files or viruses that may affect the data on the computer.
Hash Library
The hash library records numbers that have been generated to represent strings of text. An
examination of these hash values provide evidence that any copies created have not altered the
original data and the integrity of the original can be verified.
Signature Analysis
This is where the comparison of the files, headers, and extensions are examined and
verified with the files on the device to discover any hidden files.
Encrypted or Password Protected Files
List any protected files and the method used to obtain the information.
Alternate Data Streams
These should be completely identified and the path noted
EScripts
Include the scripts run and any details that are known including the script, hash if
available, and where it was found.
Text Searches
What searches were initiated? Also, the number of hits from forensic tools can be
included, i.e., 1-200, 201-55, 501-1000, 100 and more.
Questions and Answers asked by the Client
Document all questions asked by the client and record the responses.
Files
Because there may be a vast number of files, breaking this area down into subcategories
identifying where they are found may be helpful. This would include files that were deleted,
found on the desktop, in my documents, profiles, and recent files which would indicate a
measure of their importance. Also include any relevant screenshots of the text in the files.
References
Computer Forensics Report Template. (2009). Retrieved December 13, 2015, from
http://computer-forensics.privacyresources.org/forensic-template.htm
Solomon, M.G., Rudolph, K., Tittel, E., Broom, N., & Barrett. D. (2011). Computer Forensics
jumpstart (2nd ed.). Indianapolis, IN.