Investigations are not proven in a jurisdiction until a detailed forensic report is created and presented to a judge or jury who can take it to the next level. Presenting digital evidence should be laid out that it is not overly technical in order for all parties to fully understand and interpret in its arrangement, yet still goes into absolute detail to express all the intricacies of an investigation and its extrication.
Starting out with a Case Summary or Overview of the particulars of the investigation provides a general rounding for all parties to understand the scope of the report and all relevant touch points therein.
In situations where one will not be able to present the findings in person, it is invaluable to preface the report with a management or executive summary (Christly, 2012). This gives the client a quick summary of the case and the significant parts that should be engaged furthermost.
Continuing with Forensic Acquisition and how one came about the specifics of acquiring the members of evidence is then very important to build up into the core of the report. This also helps to shape the particulars of a digital forensic case and allows for further elaboration of any profound points down the line.
It is recommended that the Findings and Forensic Analysis Report particulars are subsequently drawn up to illustrate the evidence found for the case. Providing hyperlinks to pictures, documents or other useful graphic explanatory articles in this section is very good practice (Garnett, 2010) and will help to form a visual understanding of the report to all parties involved in assessing the legal ramifications and evidence saturation of the perpetrator and their wrong doings.
It is always beneficial to finish every report with a In Summary. This forms the final summary and evaluation of a report into a concise closing statement that is succinct yet technically accurate to the points being made throughout.
An example structure could be as following:
- Table of Contents
- Management/Executive Summary
- Objectives, Case Summary / Overview
- Evidence Analysed / Forensic Acquisition
- Steps Taken
- Findings / Forensic Analysis Report
- Timeline
- Exhibits / Graphic Demonstrable Evidence
- In Summary
What really adds value to digital forensics is the analysis (Kelley, 2012). While it can be very difficult to fully cover all aspects of digital forensic investigations into a single report, it is certainly much easier if a standardised template is followed to make sure all grounds and routes are covered (Garrie, 2016). Presenting forensic evidence is key in bringing cyber criminals to justice.
References:
Christly, J. (2012) Forensic Reporting: How it works and why is it important? [Online] EteraConsulting.com, Available from: http://www.eteraconsulting.com/forensic-reporting-how-it-works-and-why-is-it-important/ (Accessed on 26th August 2018)
Garnett, B. (2010) Intro to Report Writing for Digital Forensics [Online] Digital-Forensics.Sans.Org, Available from: https://digital-forensics.sans.org/blog/2010/08/25/intro-report-writing-digital-forensics (Accessed on 26th August 2018)
Kelley, M. (2012) Report Writing Guidelines [Online] ForensicMag.com, Available from: https://www.forensicmag.com/article/2012/05/report-writing-guidelines (Accessed on 26th August 2018)
Garrie, D. (2016) The Neutral Corner: Understanding a Digital Forensics Report [Online] LegalExecutiveInstitute.com, Available from: http://www.legalexecutiveinstitute.com/understanding-digital-forensics-report/ (Accessed on 26th August 2018)