Brad Garnett

Welcome to my Digital Forensics and Incident Response oasis!

Digital Forensics, Incident Response, and Information Security


Report Writing for Digital Forensics: Part II

This blog post is a second edition and follow-up to Intro to Report Writing for Digital Forensics, which you've taken the time to review, digest, and dissect. How the digital forensic practitioner presents digital evidence to his/her intended audience (regardless of why we are preparing a digital forensic report) establishes proficiency of the digital forensic examination. Let's take it a step further: how will you present your findings? Effectively reporting what you found during your forensic examination will aid you in presenting your report and the digital evidence to whoever your intended audience will be, which ultimately may be a jury in a criminal or civil proceeding. In this blog post, we are going to tackle some more report writing issues. Remember, YMMV depending on what hat you wear in digital forensics and who you will be reporting the findings to from your digital forensic examination...

Continue reading it here.

Author's Note: I originally wrote this article for the SANS Digital Forensics and Incident Response Blog. It has generated a lot of questions, feedback, and references over the past few years so I wanted to add it to my blog as well.

Intro to Report Writing for Digital Forensics

So you've just completed your forensic examination and found that forensic gem or smoking gun in your case. How do you proceed? Depending on where you fall as a forensicator (e.g., law enforcement, intelligence, criminal defense work, incident response, e-discovery), you will have to report your findings. First and foremost, find out what type of work product you are going to be required to produce for the client, attorney, etc. This will be your guide for completing your report. While the report writing part of the digital forensic examination process is not as fun as the forensic analysis, it is a very important link in the chain...

Continue reading it here.

Author's Note: I originally wrote this article for the SANS Digital Forensics and Incident Response Blog in August of 2010. It has generated a lot of questions, feedback, and references over the past few years so I wanted to add it to my blog as well.