Download to read offline
A new approach to the forensics report
- 1. www.securcube.net A new approachto the Forensics Report Ing. Nicola CHEMELLO www.securcube.net 10..2021 SecurCube
- 2. www.securcube.net Nicola CHEMELLO • Computerengineer • Certified digital forensics examiner for the courts • OpenText EnCE ( since 2009) • Cellebrite CCME (since 2019) • Past certifications include: ACE, XRY advanced, Oxygen • SecurCube Co-Founder SecurCube
- 3. www.securcube.net 1. Identification 2. Collection/acquisition 3.Examination/analysis 4. Reporting The Digital Forensics Process Every digital forensics examiner has been trained on this process, but usually focused on the first three steps. Reporting results can be a very long process, and copying/pasting things can add many flaws to reports. Finally this report is what the judge or lawyer will check to get answers to their questions. SecurCube
- 4. www.securcube.net • 1 caseper time • Just a few devices • Flawless acquisition • “Take your time” The perfect world Ideally we all have just one case, with only a few devices that are acquired without any issue (no PIN codes, no damaged monitors/connectors, no unextracted applications) and we always have to perform the job in the best way. SecurCube
- 5. www.securcube.net The real world RUSHis the word Case management is necessary to have everything tracked, and after all this huge activity we performed, we have to write down an understandable report, that explains every single step we did, the used tools and obviusly the results. If you can save time and also avoid copy/paste from old documents to write this report, you will have this task done sooner, and without any errors. • Many concurrent cases • Plenty of devices • Not a single standard acquisition • “to be done by yesterday” SecurCube
- 6. www.securcube.net SecurCube Forensics Report HOWCAN YOU SAVE TIME? ● The technology for case management and customizable automated report creation. ● Avoid copy and paste from previous documents and reduce the time it takes to file a forensics report. ● Create the most professional, error free and customized court presentation documents that meet international best practices. ● Customize your template to fit your own report schema 100% making sure you added all the required information, as the forensics best practices say. SecurCube Webinar Series
- 7. www.securcube.net How does itwork? Drag & drop logs/images/details to the software Let it recognize used tools or calculate HASH over the files you added SecurCube Webinar Series
- 8. www.securcube.net How does itwork? Evidence/case status can be modified according to the stage of analysis. For each evidence add the extracion(s) note, login credential, image and the extraction within its HASH(es) Many automations are available in the software, like: • Label printing for the devices • Copy and verification of images/files SecurCube Webinar Series
- 9. www.securcube.net How does itwork? Alerts and to do lists help the investigator to enter all the required details. LAB manager can refine the procedure to be used for every case, so the investigator is guided in following the organization’s decisions. Create multiple templates and to do lists to fit different cases/crimes types. Add your own tools with a description even if they are not listed in the software itself. Manage non digital evidences as well SecurCube Webinar Series
- 10. www.securcube.net What you get Webinar Series Wellwritten report in a single click.
- 11. www.securcube.net Thank you for attending! SecurCube NicolaCHEMELLO CEO & CO-FOUNDER https://www.linkedin.com/in/nicolachemello/ Please send us your questions or requests for discussion to sales@securcube.net www.securcube.net