Module L - Investigative Reports
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
News: Dubai Fund Boss Faces Investigation-Reports
Source: http://www.reuters.com/
News: Market Investigation Report on China’s Tyre Industry, 2008 out Now
Source: http://www.marketwatch.com/
Module Objective
This module will familiarize you with:
• Need of an investigative report
• Report specifications
• Report classification
• Layout of an investigative report
• Guidelines for writing a report
• Use of the supporting material
• Importance of consistency
• Salient features of a good report
• Investigative report format
• Sample forensic report
• Best practices for investigators
• Writing a report using FTK
Module Flow
• Need of an Investigative Report
• Report Specifications
• Report Classification
• Layout of an Investigative Report
• Guidelines for Writing a Report
• Use of Supporting Material
• Importance of Consistency
• Salient Features of a Good Report
• Investigative Report Format
• Sample Forensic Report
• Best Practices for Investigators
• Writing a Report Using FTK
Computer Forensic Report
A computer forensic report provides detailed information on the complete computer forensics investigation process.
An investigative report should:
• Explain how the incident occurred
• Be technically sound and clear to understand
• Be properly formatted with page and paragraph numbers for easy referencing
• Provide unambiguous conclusions, opinions, and recommendations supported by figures and facts
• Adhere to the local laws of the land so that it is admissible in court
• Be submitted in a timely manner
Computer Forensics Report Template
Objectives:
• Date and time the incident allegedly occurred
• Date and time the incident was reported to agency personnel
• Name of the person or persons reporting the incident
• Date and time the investigation was assigned
• Nature of the claim and information provided to the investigator
• Location of evidence
Summary:
• Case number
• Name and social security number of the author, investigators, and examiners
• Why was the investigation undertaken?
• List of significant findings
• Signature analysis
Computer Forensics Report Template (cont’d)
• List of the collected evidence
• Collection of evidence
• Preservation of evidence
• Initial evaluation of the evidence
• Investigative techniques
• Analysis of the computer evidence
• Relevant findings
• Supporting expert opinion
Other supporting details:
• Attacker methodology
• User applications
• Internet activity
• Recommendations
Report Format Specifications
PDF is the preferred format for digital reports
Do not file a report directly with the court
A definition of the goal or mission is a must
The order of writing should match the development of the case
Use of an outline or arrangement is suggested
Keep a copy of the report
Report Classification
• Verbal formal report: a structured verbal report delivered under oath to a board of directors, managers, or a jury panel
• Verbal informal report: a verbal report that is less structured than a formal report and is delivered in person, usually in an attorney’s office or police station
• Written formal report: a written report sworn under oath, such as an affidavit or declaration
• Written informal report: an informal or preliminary report in written form
Layout of an Investigative Report
You can choose the numbering structure from two layout systems:
• Decimal numbering system
• Legal-sequential numbering system
Include signposts:
• To clearly communicate the information
• To draw the reader’s attention to a point
Present the text accurately
Maintain a proper document style throughout the text
Layout of an Investigative Report (cont’d)
Provide supporting material:
• Figures, tables, data, and equations
Explain methods:
• How you have studied the problem
Include data collection
Layout of an Investigative Report: Numbering
Decimal numbering structure:
• Divides the text into sections
• Readers can scan the headings
• Readers can identify how the parts relate to each other
Legal-sequential numbering:
• Used in pleadings
• Roman numerals represent major aspects
• Arabic numbers are supporting information
Guidelines for Writing a Report
Avoid jargon, slang, or colloquial terms
Define acronyms and abbreviations
Check grammar and spelling
Writing should be concise
Do not make any assumptions
Do not identify any leads
Double-check media findings
Write theoretical questions based on factual evidence
The report must support your opinion
Write opinions based on knowledge and experience
Use of Supporting Material
Use figures, tables, data, and equations as supporting material
Number figures and tables in the same order as they are introduced in the report
Provide captions with complete information
Insert figures and tables after the paragraph that introduces them
Importance of Consistency
The sections of the report format must be arranged in the same way throughout
Consistency is more important than the exact format of the report
Establish a template for writing reports
Salient Features of a Good Report
Explains the methods of investigation
Includes data collection
Includes calculations
Provides for uncertainty and error analysis
Explains results
Discusses results and conclusions
Provides references
Includes appendices
Provides acknowledgements
Aspects of a Good Report
A good report achieves its purpose by answering the questions that were set out in the mandate for the investigator
It is designed to meet the needs of the decision-maker
A decision-maker must be able to rely on the facts presented in the report
The facts must be based on the evidence in the file
It must be clear and written in neutral language so that the decision-maker and other readers will be able to understand it
It should be concise and must convey the necessary information
It should be structured so that information can be located easily
Investigative Report Format
Get samples of already established report formats
Estimate objectivity
Document the findings in an unbiased and accurate manner
Address the identification and continuity of the evidence
Include any relevant extracts referred to in the report that support the analysis or conclusions
Attachments and Appendices
Use attachments or appendices as a supplement to the report
Attachments and appendices can be used to further detail any terminology, findings, or recommendations presented in the report
Refer to attachments or appendices from the body of the report when the report has more content than the body can carry
Include Metadata
Metadata is information about the file, which includes who created the file and its time/date stamps
The significance of metadata is based on the properties of the file type
During analysis, the expert needs to work with the mirror image to avoid altering metadata
Two types of file metadata can be used in the forensic investigation:
• System metadata can be used to identify the change in file location
• Application metadata can be used to identify the change in document author, document version, macros, email “to,” “from,” “subject,” etc.
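The two metadata classes above, pulled from a file by a short script, as an added example (this is not EC-Council's code and not part of the module). System metadata comes from the file system via stat(); application metadata is read from docProps/core.xml inside an OOXML (.docx) container, which is the file-type-specific part the slide refers to. The .docx, its author names, revision number and timestamps are all constructed here for the demo; the namespace URIs are the real OOXML core-properties ones.

```python
"""Extract system and application metadata from a constructed .docx.
Added example; not the module's code. All sample values are made up."""
import datetime as dt
import os
import tempfile
import xml.etree.ElementTree as ET
import zipfile

# Real OOXML core-properties namespaces (docProps/core.xml).
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}

# Constructed core.xml: the document was created by one account and last
# saved by another, which is the kind of change the slide says application
# metadata can reveal.
CORE_XML = f"""<?xml version="1.0" encoding="UTF-8"?>
<cp:coreProperties xmlns:cp="{NS['cp']}" xmlns:dc="{NS['dc']}"
                   xmlns:dcterms="{NS['dcterms']}">
  <dc:creator>analyst-a</dc:creator>
  <cp:lastModifiedBy>user-b</cp:lastModifiedBy>
  <cp:revision>7</cp:revision>
  <dcterms:created>2008-03-01T09:00:00Z</dcterms:created>
  <dcterms:modified>2008-03-02T17:30:00Z</dcterms:modified>
</cp:coreProperties>"""


def system_metadata(path):
    """System (file-system) metadata from stat(). Reading stat() does not
    modify the file, but opening files on a live system may update atime,
    which is why analysis is done on the mirror image, not the original."""
    st = os.stat(path)
    iso = lambda t: dt.datetime.fromtimestamp(t, dt.timezone.utc).isoformat()
    return {
        "size": st.st_size,
        "modified": iso(st.st_mtime),
        "accessed": iso(st.st_atime),
        # st_ctime is inode-change time on POSIX and creation time on Windows.
        "changed_or_created": iso(st.st_ctime),
    }


def application_metadata(docx_path):
    """Application metadata from docProps/core.xml; {} if the container lacks it."""
    with zipfile.ZipFile(docx_path) as z:
        if "docProps/core.xml" not in z.namelist():
            return {}
        root = ET.fromstring(z.read("docProps/core.xml"))

    def text(tag):
        el = root.find(tag, NS)
        return el.text if el is not None else None

    return {
        "author": text("dc:creator"),
        "last_modified_by": text("cp:lastModifiedBy"),
        "revision": text("cp:revision"),
        "created": text("dcterms:created"),
        "modified": text("dcterms:modified"),
    }


def build_sample_docx(path):
    """Write a minimal constructed .docx (zip container) with the core.xml above."""
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("docProps/core.xml", CORE_XML)
        z.writestr("word/document.xml", "<w:document/>")


def run_demo():
    """Build the sample file and return (system_metadata, application_metadata)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "memo.docx")
        build_sample_docx(path)
        return system_metadata(path), application_metadata(path)


if __name__ == "__main__":
    sysmeta, appmeta = run_demo()
    print("system metadata:     ", sysmeta)
    print("application metadata:", appmeta)
    if appmeta["author"] != appmeta["last_modified_by"]:
        print("note: document author differs from last modifier")
```

The author/last-modified-by pair and the revision counter are what a report would cite when it states that a document changed hands; the system timestamps are cited separately because they come from the file system, not the document.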
Signature Analysis
Signature analysis verifies file signatures to find out whether any files have been renamed
It identifies the difference between a file’s extension and its file header
It can be used for making hash sets for file filtering
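Signature analysis and hash-set filtering in one script, as an added example (not EC-Council's code and not part of the module). The magic-byte table is a small constructed subset; the sample files, including a PNG renamed to .txt and an executable renamed to .jpg, are written to a temporary directory for the demo. A real examination would use a far larger signature table and a vendor-supplied known-file hash set in place of the one-entry set built here.

```python
"""Signature analysis (extension vs. header) plus SHA-256 hash-set filtering.
Added example; not the module's code. Signature table and samples are constructed."""
import hashlib
import os
import tempfile

# Offset-0 magic bytes for a handful of common types (constructed subset).
SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",   # also the container for docx/xlsx/jar
    "gif": b"GIF8",
    "exe": b"MZ",
}
# Extensions that legitimately share a signature with another name.
ALIASES = {"jpeg": "jpg", "docx": "zip", "xlsx": "zip", "pptx": "zip",
           "jar": "zip", "dll": "exe"}


def detect_type(header: bytes):
    """Name of the signature that opens the header, or None if unrecognised."""
    for name, magic in SIGNATURES.items():
        if header.startswith(magic):
            return name
    return None


def extension_of(filename: str) -> str:
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    return ALIASES.get(ext, ext)


def classify(filename: str, header: bytes) -> str:
    """'match' if extension and header agree, 'mismatch' if the header is a
    known type other than the claimed one, 'unknown' if no signature matched
    (plain text files land here, so they need manual review, not an alert)."""
    detected = detect_type(header)
    if detected is None:
        return "unknown"
    return "match" if detected == extension_of(filename) else "mismatch"


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_directory(root: str):
    """Classify every file under root. Returns (findings, hash_set) where
    findings is a list of (relative path, verdict, detected type) and
    hash_set maps sha256 -> relative path for later filtering."""
    findings, hash_set = [], {}
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                header = f.read(16)
            rel = os.path.relpath(path, root)
            findings.append((rel, classify(name, header), detect_type(header)))
            hash_set[sha256_of(path)] = rel
    return findings, hash_set


def filter_known(hash_set, known_hashes):
    """Drop files whose hash appears in a known-file set; return what remains."""
    return sorted(p for h, p in hash_set.items() if h not in known_hashes)


def run_demo():
    """Write constructed samples, scan them, filter one known file.
    Returns (findings, remaining_after_filter)."""
    samples = {
        "photo.jpg": SIGNATURES["jpg"] + b"\x00" * 32,
        "notes.txt": b"meeting notes\n",
        "report.pdf": SIGNATURES["pdf"] + b"1.7\n",
        "invoice.txt": SIGNATURES["png"] + b"\x00" * 32,   # PNG renamed to .txt
        "setup.jpg": SIGNATURES["exe"] + b"\x90" * 32,     # executable renamed to .jpg
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        findings, hashes = scan_directory(root)
        known = {hashlib.sha256(samples["notes.txt"]).hexdigest()}
        remaining = filter_known(hashes, known)
    return findings, remaining


if __name__ == "__main__":
    findings, remaining = run_demo()
    for rel, verdict, detected in findings:
        print(f"{rel:12s} {verdict:9s} header={detected}")
    print("files left after hash filtering:", remaining)
```

The mismatch verdicts are the ones a report would list under signature analysis, with the hash of each file so the finding can be tied back to the evidence image; the hash set doubles as the filter that removes known files before analysis.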
Sample Forensic Report
The report identifies the continuity of the information and describes the procedures utilized during:
• Investigation
• Concise summary of conclusions
• Observations
• All appropriate recommendations
Sample Report (eight image slides showing the pages of the sample forensic report; the page images were not extracted as text)
Investigation Procedures
General evidence:
• The date and time the investigator visited the site of the incident
• The person with whom the investigator spoke at that site
Collecting physical and demonstrative evidence
Collecting testimonial evidence
Collecting Physical and Demonstrative Evidence
The manner in which the scene of the incident, if any, was secured
A list of each piece of physical evidence that was collected
The manner in which the physical evidence was collected and logged
The manner in which the physical evidence was preserved after collection in order to maintain the chain of custody
A list of any pictures that were taken
A list of any other demonstrative evidence available to the investigation, e.g. diagrams, maps, floor plans, and x-rays
Collecting Testimonial Evidence
The way in which the investigator determined whom to interview
A list of all persons interviewed in chronological order, including the title, date, and time of each interview
The person or persons, if any, who are the target or targets of the case
The way in which the investigator afforded the target or other witnesses any right to representation, if such rights exist by labor contract, law, or regulation
Interviews without the writer’s statement
Do’s and Don’ts of Forensic Computer Investigations
Ask questions
Document thoroughly
Operate in good faith
Do not get in over your head
Make the decision to investigate
Treat everything as confidential
File it
Case Report Writing and Documentation
Document the entire computer media analysis and conclusions in the “Investigative Analysis Report”
Identify any files pertinent to the investigation and print them for inclusion as attachments to the analysis report
Create a Report to Attach to the Media Analysis Worksheet
Keep notes on:
• Date and time shown on the evidence CPU
• Current date and time (include the appropriate time zone)
• Significant problems/broken items
• Lapses in analysis
• Finding evidence
• Special techniques required beyond normal processes (e.g., a password cracker)
• Outside sources (e.g., commercial companies that provide assistance and information by trained CCIs over Computer Forensic Investigators)
Best Practices for Investigators
Before submitting the report, read it again
• It gives a clear view of where you need to make changes
Anyone new to the situation should be able to understand the report
While revising the report, ensure that it is coherent, not repetitive, and presents information in the right place
Ensure that the report corresponds to the mandate
Writing Report Using FTK (eight screenshot slides walking through the FTK report wizard, ending with the Final Report; the screenshots were not extracted as text)
Summary
Investigative reports are critical during investigations because they communicate computer forensics findings and other information to the necessary authorities
Reports can be formal or informal, verbal or written
Reports need to be error free
Avoid jargon, slang, or colloquial terms
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited

More Related Content

What's hot (20)

CHFI
CHFICHFI
CHFI
 
File000164
File000164File000164
File000164
 
File000118
File000118File000118
File000118
 
File000117
File000117File000117
File000117
 
File000114
File000114File000114
File000114
 
File000120
File000120File000120
File000120
 
File000113
File000113File000113
File000113
 
File000115
File000115File000115
File000115
 
File000116
File000116File000116
File000116
 
File000119
File000119File000119
File000119
 
File000167
File000167File000167
File000167
 
File000175
File000175File000175
File000175
 
File000173
File000173File000173
File000173
 
Lect 1 computer forensics
Lect 1 computer forensicsLect 1 computer forensics
Lect 1 computer forensics
 
Chfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays WorldChfi V3 Module 01 Computer Forensics In Todays World
Chfi V3 Module 01 Computer Forensics In Todays World
 
CS6004 Cyber Forensics - UNIT V
CS6004 Cyber Forensics - UNIT VCS6004 Cyber Forensics - UNIT V
CS6004 Cyber Forensics - UNIT V
 
CS6004 Cyber Forensics - UNIT IV
CS6004 Cyber Forensics - UNIT IVCS6004 Cyber Forensics - UNIT IV
CS6004 Cyber Forensics - UNIT IV
 
Ce hv6 module 57 computer forensics and incident handling
Ce hv6 module 57 computer forensics and incident handlingCe hv6 module 57 computer forensics and incident handling
Ce hv6 module 57 computer forensics and incident handling
 
Ce Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering TechniquesCe Hv6 Module 44 Internet Content Filtering Techniques
Ce Hv6 Module 44 Internet Content Filtering Techniques
 
Forensic laboratory setup requirements
Forensic laboratory setup  requirements Forensic laboratory setup  requirements
Forensic laboratory setup requirements
 

Similar to File000163

Allotrope Foundation & OSTHUS at SmartLab Exchange 2015: Update on the Allotr...
Allotrope Foundation & OSTHUS at SmartLab Exchange 2015: Update on the Allotr...Allotrope Foundation & OSTHUS at SmartLab Exchange 2015: Update on the Allotr...
Allotrope Foundation & OSTHUS at SmartLab Exchange 2015: Update on the Allotr...OSTHUS
 
TMF-Reference-Model-Presentation.pptx
TMF-Reference-Model-Presentation.pptxTMF-Reference-Model-Presentation.pptx
TMF-Reference-Model-Presentation.pptxJaimeHinojosa18
 
Revolutionizing Laboratory Instrument Data for the Pharmaceutical Industry:...
Revolutionizing Laboratory  Instrument Data for the  Pharmaceutical Industry:...Revolutionizing Laboratory  Instrument Data for the  Pharmaceutical Industry:...
Revolutionizing Laboratory Instrument Data for the Pharmaceutical Industry:...OSTHUS
 
Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6sabtolinux
 
Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6sabtolinux
 
iEHR.eu IHIC 2012 Presentation
iEHR.eu IHIC 2012 PresentationiEHR.eu IHIC 2012 Presentation
iEHR.eu IHIC 2012 Presentationiehreu
 
Mis system analysis and system design
Mis   system analysis and system designMis   system analysis and system design
Mis system analysis and system designRahul Hedau
 
ctd and e ctd submission
ctd and e ctd submissionctd and e ctd submission
ctd and e ctd submissionRohit K.
 
Epo data exchange requisites
Epo data exchange requisitesEpo data exchange requisites
Epo data exchange requisitesLATIPAT
 
Rubric Name Network Design Proposal Part 1Competencie.docx
Rubric Name Network Design Proposal Part 1Competencie.docxRubric Name Network Design Proposal Part 1Competencie.docx
Rubric Name Network Design Proposal Part 1Competencie.docxcheryllwashburn
 
Practical Steps to Selecting and Implementing an eTMF
Practical Steps to Selecting and Implementing an eTMFPractical Steps to Selecting and Implementing an eTMF
Practical Steps to Selecting and Implementing an eTMFMontrium
 
Report Writing - Music Assignment
Report Writing - Music AssignmentReport Writing - Music Assignment
Report Writing - Music AssignmentChristopher Baker
 
Criteria for Research AssignmentPSCI 1010· The paper is due on.docx
Criteria for Research AssignmentPSCI 1010· The paper is due on.docxCriteria for Research AssignmentPSCI 1010· The paper is due on.docx
Criteria for Research AssignmentPSCI 1010· The paper is due on.docxwillcoxjanay
 
Specification writing
Specification writingSpecification writing
Specification writingBSRIA
 
II-SDV 2015, 20 - 21 April, in Nice
II-SDV 2015, 20 - 21 April, in NiceII-SDV 2015, 20 - 21 April, in Nice
II-SDV 2015, 20 - 21 April, in NiceDr. Haxel Consult
 
How Can We Make Algorithmic News More Transparent?
How Can We Make Algorithmic News More Transparent?How Can We Make Algorithmic News More Transparent?
How Can We Make Algorithmic News More Transparent?Stuart Myles
 

Similar to File000163 (20)

Allotrope Foundation & OSTHUS at SmartLab Exchange 2015: Update on the Allotr...
Allotrope Foundation & OSTHUS at SmartLab Exchange 2015: Update on the Allotr...Allotrope Foundation & OSTHUS at SmartLab Exchange 2015: Update on the Allotr...
Allotrope Foundation & OSTHUS at SmartLab Exchange 2015: Update on the Allotr...
 
TMF-Reference-Model-Presentation.pptx
TMF-Reference-Model-Presentation.pptxTMF-Reference-Model-Presentation.pptx
TMF-Reference-Model-Presentation.pptx
 
TMF PDF.pdf
TMF PDF.pdfTMF PDF.pdf
TMF PDF.pdf
 
Revolutionizing Laboratory Instrument Data for the Pharmaceutical Industry:...
Revolutionizing Laboratory  Instrument Data for the  Pharmaceutical Industry:...Revolutionizing Laboratory  Instrument Data for the  Pharmaceutical Industry:...
Revolutionizing Laboratory Instrument Data for the Pharmaceutical Industry:...
 
Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6
 
Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6Latihan7 comp-forensic-bab6
Latihan7 comp-forensic-bab6
 
iEHR.eu IHIC 2012 Presentation
iEHR.eu IHIC 2012 PresentationiEHR.eu IHIC 2012 Presentation
iEHR.eu IHIC 2012 Presentation
 
Mis system analysis and system design
Mis   system analysis and system designMis   system analysis and system design
Mis system analysis and system design
 
Report writing
Report writingReport writing
Report writing
 
ctd and e ctd submission
ctd and e ctd submissionctd and e ctd submission
ctd and e ctd submission
 
Trm Trusted Repositories
Trm Trusted RepositoriesTrm Trusted Repositories
Trm Trusted Repositories
 
Epo data exchange requisites
Epo data exchange requisitesEpo data exchange requisites
Epo data exchange requisites
 
Rubric Name Network Design Proposal Part 1Competencie.docx
Rubric Name Network Design Proposal Part 1Competencie.docxRubric Name Network Design Proposal Part 1Competencie.docx
Rubric Name Network Design Proposal Part 1Competencie.docx
 
Practical Steps to Selecting and Implementing an eTMF
Practical Steps to Selecting and Implementing an eTMFPractical Steps to Selecting and Implementing an eTMF
Practical Steps to Selecting and Implementing an eTMF
 
Report Writing - Music Assignment
Report Writing - Music AssignmentReport Writing - Music Assignment
Report Writing - Music Assignment
 
Criteria for Research AssignmentPSCI 1010· The paper is due on.docx
Criteria for Research AssignmentPSCI 1010· The paper is due on.docxCriteria for Research AssignmentPSCI 1010· The paper is due on.docx
Criteria for Research AssignmentPSCI 1010· The paper is due on.docx
 
Specification writing
Specification writingSpecification writing
Specification writing
 
II-SDV 2015, 20 - 21 April, in Nice
II-SDV 2015, 20 - 21 April, in NiceII-SDV 2015, 20 - 21 April, in Nice
II-SDV 2015, 20 - 21 April, in Nice
 
How Can We Make Algorithmic News More Transparent?
How Can We Make Algorithmic News More Transparent?How Can We Make Algorithmic News More Transparent?
How Can We Make Algorithmic News More Transparent?
 
GRC in Australia slides
GRC in Australia slidesGRC in Australia slides
GRC in Australia slides
 

More from Desmond Devendran (18)

Siam key-facts
Siam key-factsSiam key-facts
Siam key-facts
 
Siam foundation-process-guides
Siam foundation-process-guidesSiam foundation-process-guides
Siam foundation-process-guides
 
Siam foundation-body-of-knowledge
Siam foundation-body-of-knowledgeSiam foundation-body-of-knowledge
Siam foundation-body-of-knowledge
 
Enterprise service-management-essentials
Enterprise service-management-essentialsEnterprise service-management-essentials
Enterprise service-management-essentials
 
Service Integration and Management
Service Integration and Management Service Integration and Management
Service Integration and Management
 
Diagram of iso_22301_implementation_process_en
Diagram of iso_22301_implementation_process_enDiagram of iso_22301_implementation_process_en
Diagram of iso_22301_implementation_process_en
 
CHFI 1
CHFI 1CHFI 1
CHFI 1
 
File000174
File000174File000174
File000174
 
File000165
File000165File000165
File000165
 
File000161
File000161File000161
File000161
 
File000160
File000160File000160
File000160
 
File000159
File000159File000159
File000159
 
File000158
File000158File000158
File000158
 
File000157
File000157File000157
File000157
 
File000156
File000156File000156
File000156
 
File000155
File000155File000155
File000155
 
File000154
File000154File000154
File000154
 
File000153
File000153File000153
File000153
 

Recently uploaded

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

Recently uploaded (20)

CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
1. Module L - Investigative Reports

2. EC-Council. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
News: Dubai Fund Boss Faces Investigation-Reports
Source: http://www.reuters.com/

3. News: Market Investigation Report on China's Tyre Industry, 2008 out Now
Source: http://www.marketwatch.com/

4. Module Objective
This module will familiarize you with:
• Need of an investigative report
• Report specifications
• Report classification
• Layout of an investigative report
• Guidelines for writing a report
• Use of the supporting material
• Importance of consistency
• Salient features of a good report
• Investigative report format
• Sample forensic report
• Best practices for investigators
• Writing a report using FTK

5. Module Flow
Need of an Investigative Report, Report Specifications, Report Classification, Layout of an Investigative Report, Guidelines for Writing a Report, Use of Supporting Material, Importance of Consistency, Salient Features of a Good Report, Investigative Report Format, Sample Forensic Report, Best Practices for Investigators, Writing Report Using FTK

6. Computer Forensic Report
A computer forensic report provides detailed information on the complete computer forensics investigation process.
An investigative report should:
• Explain how the incident occurred
• Be technically sound and clear to understand
• Be properly formatted with page and paragraph numbers for easy referencing
• Provide unambiguous conclusions, opinions, and recommendations supported by figures and facts
• Adhere to the local laws of the land so that it is admissible in court
• Be submitted in a timely manner
7. Computer Forensics Report Template
Objectives:
• Case number
• Name and social security number of the author, investigators, and examiners
• Why the investigation was undertaken
• Date and time the incident allegedly occurred
• Date and time the incident was reported to agency personnel
• Name of the person or persons reporting the incident
• Date and time the investigation was assigned
• Nature of the claim and the information provided to the investigator
• Location of the evidence
Summary:
• List of significant findings
• Signature analysis

8. Computer Forensics Report Template (cont'd)
• List of the collected evidence
• Collection of evidence
• Preservation of evidence
• Initial evaluation of the evidence
• Investigative techniques
• Analysis of the computer evidence
• Relevant findings
• Supporting expert opinion
Other supporting details:
• Attacker methodology
• User applications
• Internet activity
• Recommendations
9. Report Format Specifications
• PDF is the preferred format for digital reports
• Do not file a report directly with the court
• A definition of the goal or mission is a must
• The order of writing should match the development of the case
• Use an outline or arrangement
• Keep a copy of the report

10. Report Classification
• Verbal formal report: a structured verbal report delivered under oath to a board of directors, managers, or a jury
• Verbal informal report: a verbal report that is less structured than a formal report and is delivered in person, usually in an attorney's office or a police station
• Written formal report: a written report sworn under oath, such as an affidavit or declaration
• Written informal report: an informal or preliminary report in written form

11. Layout of an Investigative Report
You can choose the numbering structure from two layout systems:
• Decimal numbering system
• Legal-sequential numbering system
Include signposts:
• To clearly communicate the information
• To draw the reader's attention to a point
Present the text accurately and maintain a consistent document style throughout the text.

12. Layout of an Investigative Report (cont'd)
• Provide supporting material: figures, tables, data, and equations
• Explain methods: how you studied the problem
• Include data collection

13. Layout of an Investigative Report: Numbering
Decimal numbering structure:
• Divides the text into sections
• Readers can scan the headings
• Readers can identify how the parts relate to each other
Legal-sequential numbering:
• Used in pleadings
• Roman numerals represent major aspects
• Arabic numbers are supporting information
14. Guidelines for Writing a Report
• Avoid jargon, slang, or colloquial terms
• Define acronyms and abbreviations
• Check grammar and spelling
• Keep the writing concise
• Do not make any assumptions
• Do not identify any leads
• Double-check media findings
• Write theoretical questions based on factual evidence
• The report must support your opinion
• Write opinions based on knowledge and experience

15. Use of Supporting Material
• Use figures, tables, data, and equations as supporting material
• Number figures and tables in the order in which they are introduced in the report
• Provide captions with complete information
• Insert figures and tables after the paragraph that refers to them

16. Importance of Consistency
• Sections of the report must be formatted in the same way
• Consistency is more important than the exact format of the report
• Establish a template for writing reports

17. Salient Features of a Good Report
• Explains the methods of investigation
• Describes data collection
• Includes calculations
• Provides uncertainty and error analysis
• Explains results
• Discusses results and conclusions
• Provides references
• Includes appendices
• Provides acknowledgements

18. Aspects of a Good Report
• A good report achieves its purpose by answering the questions set out in the investigator's mandate
• It is designed to meet the needs of the decision-maker
• The decision-maker must be able to rely on the facts presented in the report
• The facts must be based on the evidence in the file
• It must be clear and written in neutral language so that the decision-maker and other readers can understand it
• It should be concise and convey the necessary information
• It should be structured so that information can be located easily

19. Investigative Report Format
• Get samples of already established report formats
• Maintain objectivity
• Document the findings in an unbiased and accurate manner
• Address the identification and continuity of the evidence
• Include any relevant extracts referred to in the report that support the analysis or conclusions

20. Attachments and Appendices
• Use attachments or appendices as a supplement to the report
• Attachments and appendices can further detail any terminology, findings, or recommendations presented in the report
• Refer to attachments or appendices from the report body when the material is too long to include inline

21. Include Metadata
Metadata is information about a file, such as who created it and its time/date stamps. The significance of metadata depends on the properties of the file type.
Two types of file metadata can be used in a forensic investigation:
• System metadata (recorded by the file system), which can identify changes in a file's location and its timestamps
• Application metadata (embedded by the authoring program), which can identify changes in document author, document version, macros, e-mail "to," "from," "subject," etc.
During analysis, the examiner must work on a forensic (mirror) image of the media, never the original, to avoid altering metadata.
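The two metadata classes on slide 21 come from different places: system metadata from the file system (via stat), application metadata from inside the file itself. The following is an added example, not code from the EC-Council module; it reads both for an OOXML (Word) document. So that it runs offline it builds a small constructed .docx-style container whose author names and dates are invented, writes it to a temporary directory under the hypothetical name memo.docx, and reports every timestamp in UTC with an explicit offset, as slide 36's note on time zones asks.

```python
"""Collect system and application metadata for an investigative report.

Added example; not code from the EC-Council module. The sample document,
its property values and the file name memo.docx are constructed.
"""
import datetime as dt
import io
import os
import tempfile
import xml.etree.ElementTree as ET
import zipfile

# Namespaces used by docProps/core.xml inside OOXML (Word/Excel/PowerPoint) files.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}


def utc_iso(ts: float) -> str:
    """Report timestamps in UTC with an explicit offset so the time zone is never ambiguous."""
    return dt.datetime.fromtimestamp(ts, tz=dt.timezone.utc).isoformat(timespec="seconds")


def system_metadata(path: str) -> dict:
    """File-system metadata: what the OS records about the file regardless of its content."""
    st = os.stat(path, follow_symlinks=False)
    return {
        "path": os.path.abspath(path),
        "size_bytes": st.st_size,
        "modified_utc": utc_iso(st.st_mtime),
        "accessed_utc": utc_iso(st.st_atime),
        # st_ctime is inode-change time on POSIX but creation time on Windows.
        "changed_or_created_utc": utc_iso(st.st_ctime),
    }


def application_metadata(data: bytes) -> dict:
    """Application metadata written by the authoring program (OOXML core properties)."""
    if not data.startswith(b"PK\x03\x04"):  # OOXML documents are ZIP containers
        return {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if "docProps/core.xml" not in zf.namelist():
            return {}
        root = ET.fromstring(zf.read("docProps/core.xml"))

    def text(tag: str):
        el = root.find(tag, NS)
        return el.text if el is not None else None

    return {
        "creator": text("dc:creator"),
        "last_modified_by": text("cp:lastModifiedBy"),
        "revision": text("cp:revision"),
        "created": text("dcterms:created"),
        "modified": text("dcterms:modified"),
    }


def collect(path: str) -> dict:
    """Stat before reading: on a live file system a read can update the access time.
    In a real examination the file comes from a read-only mounted forensic image."""
    system = system_metadata(path)
    with open(path, "rb") as fh:
        data = fh.read()
    return {"system": system, "application": application_metadata(data)}


def build_sample_docx() -> bytes:
    """Constructed minimal OOXML container; every property value below is invented."""
    core = (
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s" xmlns:dcterms="%s" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        "<dc:creator>Alice Example</dc:creator>"
        "<cp:lastModifiedBy>Bob Example</cp:lastModifiedBy>"
        "<cp:revision>3</cp:revision>"
        '<dcterms:created xsi:type="dcterms:W3CDTF">2008-03-01T09:00:00Z</dcterms:created>'
        '<dcterms:modified xsi:type="dcterms:W3CDTF">2008-03-05T17:30:00Z</dcterms:modified>'
        "</cp:coreProperties>"
    ) % (NS["cp"], NS["dc"], NS["dcterms"])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()


def demo() -> dict:
    """Write the constructed sample to a temporary directory and collect both metadata sets."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "memo.docx")  # hypothetical evidence file name
        with open(path, "wb") as fh:
            fh.write(build_sample_docx())
        return collect(path)


if __name__ == "__main__":
    for section, values in demo().items():
        print(section)
        for key, value in values.items():
            print(f"  {key}: {value}")
```

The point worth carrying into the report is that the two sets can disagree: the application's "created" date is whatever the authoring program wrote (and can be edited), while the file-system timestamps describe the copy on this particular volume. Quote both, say which is which, and state the time zone.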
22. Signature Analysis
• Signature analysis compares each file's header (its signature, or "magic" bytes) with its extension to determine whether files have been renamed to disguise their type
• It flags any mismatch between the file extension and the file header
• The same pass over the files can build hash sets for file filtering: excluding known files and flagging known-bad ones
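The following is an added example, not code from the EC-Council module or from any forensic tool, showing the two checks slide 22 describes on one pass over a file listing: a header-versus-extension comparison and a SHA-256 hash-set filter. The signature table covers only a handful of common types, and the file listing and the "known-good"/"known-bad" hash sets are constructed stubs for the demonstration.

```python
"""Signature analysis and hash-set filtering over a set of evidence files.

Added example; not code from the EC-Council module or from FTK. The
file listing, the contents and both hash sets are constructed.
"""
import hashlib

# (header bytes at offset 0, extensions that legitimately carry that header)
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", {"png"}),
    (b"\xff\xd8\xff", {"jpg", "jpeg"}),
    (b"GIF87a", {"gif"}),
    (b"GIF89a", {"gif"}),
    (b"%PDF-", {"pdf"}),
    (b"PK\x03\x04", {"zip", "docx", "xlsx", "pptx", "jar"}),  # ZIP-based containers
    (b"MZ", {"exe", "dll", "sys", "scr"}),                     # PE executables
    (b"\x7fELF", {"so", "elf", ""}),                           # ELF binaries, often no extension
]


def identify(data: bytes):
    """Return the set of extensions consistent with the file header, or None if unknown."""
    for magic, exts in SIGNATURES:
        if data.startswith(magic):
            return exts
    return None


def extension_of(name: str) -> str:
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def signature_check(name: str, data: bytes) -> str:
    """'match', 'mismatch' (extension disagrees with the header) or 'unknown' (no signature)."""
    exts = identify(data)
    if exts is None:
        return "unknown"
    return "match" if extension_of(name) in exts else "mismatch"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_filter(digest: str, known_good: set, known_bad: set) -> str:
    """Known-bad is checked first so a flagged file is never silently filtered out."""
    if digest in known_bad:
        return "known-bad"
    if digest in known_good:
        return "known-good"
    return "unknown"


def triage(files: dict, known_good: set, known_bad: set) -> list:
    """files maps name -> content. Returns (name, signature status, hash status, sha256)."""
    rows = []
    for name, data in sorted(files.items()):
        digest = sha256(data)
        rows.append((name, signature_check(name, data), hash_filter(digest, known_good, known_bad), digest))
    return rows


# Constructed evidence listing: names and contents are invented stubs, not real files.
SAMPLE_FILES = {
    "photo.jpg": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,   # PNG data renamed to .jpg
    "invoice.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",    # genuine PDF header
    "notes.txt": b"MZ\x90\x00" + b"\x00" * 60,          # PE stub hiding as a text file
    "readme.txt": b"Quarterly notes\n",                 # plain text, no signature
}
KNOWN_GOOD = {sha256(SAMPLE_FILES["readme.txt"])}  # stands in for a known-file hash set
KNOWN_BAD = {sha256(SAMPLE_FILES["notes.txt"])}    # stands in for a malware hash set


def demo() -> list:
    return triage(SAMPLE_FILES, KNOWN_GOOD, KNOWN_BAD)


if __name__ == "__main__":
    for name, sig, known, digest in demo():
        print(f"{name:12} signature={sig:9} hash={known:10} sha256={digest[:16]}...")
```

Two caveats for the report. A two-byte signature such as "MZ" will also match a text file that happens to begin with those letters, so production tools validate more of the structure (for PE, the header at the offset named in the DOS stub) before calling it an executable; treat a mismatch as a lead to examine, and state in the report what was observed (header bytes, extension) rather than a conclusion about intent. Hash matching identifies a file only when its bytes are identical to the set entry; a single changed byte gives a different digest, so an "unknown" result is not evidence that a file is benign.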
23. Sample Forensic Report
The report identifies the continuity of the information and describes the procedures used during:
• Investigation
• Concise summary of conclusions
• Observations
• All appropriate recommendations

24-30. Sample Report (screenshots of the sample report; no transcribed text)
31. Investigation Procedures
General evidence:
• The date and time the investigator visited the site of the incident
• The person with whom the investigator spoke at that site
Collecting physical and demonstrative evidence
Testimonial evidence

32. Collecting Physical and Demonstrative Evidence
Document:
• The manner in which the scene of the incident, if any, was secured
• A list of each piece of physical evidence that was collected
• The manner in which the physical evidence was collected and logged
• The manner in which the physical evidence was preserved after collection in order to maintain the chain of custody
• A list of any pictures that were taken
• A list of any other demonstrative evidence available to the investigation, e.g., diagrams, maps, floor plans, and x-rays
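Slides 8 and 32 both require the report to show how evidence was preserved after collection so that the chain of custody holds. For digital evidence the usual way to make that demonstrable is to hash the acquired image and re-hash it at every hand-off. The following is an added example, not code from the EC-Council module: a small custody log that records each event with the hash computed at that moment and flags any event at which the item no longer matches its acquisition hash. The image bytes, item identifier E-001 and custodian names are constructed; a real acquisition would record the hash reported by the imaging tool.

```python
"""Chain-of-custody log with integrity verification at each hand-off.

Added example; not code from the EC-Council module. Evidence bytes,
item identifiers and custodian names are constructed.
"""
import datetime as dt
import hashlib
from dataclasses import dataclass, field


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def now_utc() -> str:
    return dt.datetime.now(dt.timezone.utc).isoformat(timespec="seconds")


@dataclass
class CustodyEvent:
    when: str
    action: str
    custodian: str
    digest: str
    intact: bool          # digest still equals the acquisition hash?
    note: str = ""


@dataclass
class EvidenceItem:
    item_id: str
    description: str
    acquisition_hash: str
    events: list = field(default_factory=list)

    def record(self, action: str, custodian: str, data: bytes, note: str = "") -> bool:
        """Re-hash the item at every hand-off and log whether it still matches acquisition."""
        digest = sha256(data)
        intact = digest == self.acquisition_hash
        self.events.append(CustodyEvent(now_utc(), action, custodian, digest, intact, note))
        return intact

    def breaks(self) -> list:
        """Events at which the evidence no longer matched its acquisition hash."""
        return [e for e in self.events if not e.intact]


def render(item: EvidenceItem) -> str:
    """Plain-text custody table suitable for a report appendix."""
    lines = [
        f"Item {item.item_id}: {item.description}",
        f"Acquisition SHA-256: {item.acquisition_hash}",
        f"{'When':26} {'Action':22} {'Custodian':15} {'Intact':6}  SHA-256 (prefix)",
    ]
    for e in item.events:
        flag = "yes" if e.intact else "NO"
        lines.append(f"{e.when:26} {e.action:22} {e.custodian:15} {flag:6}  {e.digest[:16]}")
    return "\n".join(lines)


def demo():
    image = b"constructed disk image bytes\n" * 64          # stands in for an acquired image
    item = EvidenceItem("E-001", "USB drive image (constructed)", sha256(image))
    ok_acquire = item.record("acquired", "Investigator A", image, "imaged behind a write blocker")
    ok_handoff = item.record("transferred to lab", "Examiner B", image)
    altered = image[:-1] + b"X"                             # simulate a copy modified in handling
    ok_return = item.record("returned from analysis", "Examiner B", altered)
    return item, (ok_acquire, ok_handoff, ok_return)


if __name__ == "__main__":
    item, results = demo()
    print(render(item))
    print("breaks in custody:", [(e.action, e.custodian) for e in item.breaks()])
```

A matching hash shows that the bytes are unchanged since acquisition; it says nothing about who held the item in between, so the signed paper (or equivalently witnessed) hand-off record the slide calls for is still required, and the table above belongs in an appendix next to it rather than in place of it. A break such as the third event above must be reported as a finding in its own right, not quietly repaired by re-acquiring.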
33. Collecting Testimonial Evidence
Document:
• How the investigator determined whom to interview
• A list of all persons interviewed in chronological order, including the title, date, and time of each interview
• The person or persons, if any, who are the target or targets of the case
• How the investigator afforded the target or other witnesses any right to representation, if such rights exist by labor contract, law, or regulation
• Interviews for which no written statement was obtained

34. Do's and Don'ts of Forensic Computer Investigations
• Ask questions
• Document thoroughly
• Operate in good faith
• Do not get in over your head
• Make the decision to investigate
• Treat everything as confidential
• File it

35. Case Report Writing and Documentation
• Document the entire computer media analysis and its conclusions in the "Investigative Analysis Report"
• Identify any files pertinent to the investigation and print them for inclusion as attachments to the analysis report

36. Create a Report to Attach to the Media Analysis Worksheet
Keep notes on:
• Date and time of the evidence CPU
• Current date and time (include the appropriate time zone)
• Significant problems/broken items
• Lapses in analysis
• Finding evidence
• Special techniques required beyond normal processes (e.g., a password cracker)
• Outside sources (e.g., commercial companies or trained CCIs that provide assistance and information to computer forensic investigators)

37. Best Practices for Investigators
• Before submitting the report, read it again; this gives a clear view of where you need to make changes
• Anyone new to the situation should be able to understand the report
• While revising the report, ensure that it is coherent, not repetitive, and presents information in the right place
• Ensure that the report corresponds to the mandate
38-45. Writing Report Using FTK (screenshots of report generation in FTK; slide 45 shows the Final Report; no transcribed text)
46. Summary
• Investigative reports are critical during investigations because they communicate computer forensics findings and other information to the necessary authorities
• Reports can be formal or informal, verbal or written
• Reports need to be error free
• Avoid jargon, slang, or colloquial terms