CMIT424 Forensic Report


[name]
[address]
[phone]
[email]

[client name]
[client address]

[date]

Dear [client],

I have completed my forensic examination of the [evidence description] found [how and where] on [date]. My examination report is enclosed with this letter. Also enclosed in the delivery package is [delivery media], which contains [modify] the digital files containing recovered work products and other information as requested by you. This delivery package completes the forensic examination of [case id].

Please countersign and return one copy of the delivery package inventory to me as your acknowledgement of receipt of this package.

Sincerely,

NAME

ENCLOSURES:
1. Delivery Package Inventory with Hand Receipt (Client to Sign and Return One Copy)
2. Forensic Examination Report: Case ID [xxx]: filename
3. Delivery Media [description, hash]


Delivery Package Inventory
Item | File Name | Full Path | MD5 Hash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Inventory Verified By: Date
Delivery Accepted By: Date

Forensic Examination Report: Case ID: [ID]
Date: [date]
Examiner: [name]



Table of Contents
Executive Summary
Case Overview
Client Interview
Case Objectives
Onsite Examination
Examination of [target’s] Office
Examination of [target’s] Computer
Onsite Imaging of [drive]
Preparation
Forensic Duplication (Imaging)
Summary of the In-Lab Forensic Examination
Pre-Processing
Examination and Analysis of the [physical or logical media]
Files and Folders: Examination and Analysis of the File Systems
Summary of Findings
1. Question 1
2. Question 2
Summary Conclusions
Appendix A: Recovered Files
Appendix B: Supporting Documentation
Appendix C: Glossary and Bibliography
Glossary of Terms
Bibliography
Appendix D: Schedule of Forensics Equipment and Software
Appendix E: Policies
Attestation of Ownership and Licensing Status
Attestation of Anti-Virus Software Use
Policies
Appendix F: Examiner Resume & Credentials


Executive Summary

Case Overview
[Who hired you, why? Who is the target? Why? What are the questions or objectives that this examination must find answers for?]
[In this section you must also address “provenance,” i.e., how you got the evidence and where it came from. This is more detailed than the chain of custody document. Included below are headings for an onsite examination and imaging; that is your provenance. If you did not do an onsite exam and imaging, then you need to provide a separate provenance section.]
Client Interview
Case Objectives / Questions
1.
2.
3.
Onsite Examination
[remove if there was no examination onsite]
Examination of [target’s] Office
Narrative + pictures [remove if there was no examination onsite]
Examination of [target’s] Computer
Narrative + pictures [remove if there was no examination onsite]
Onsite Acquisition Report for Forensic Image(s)
[rename and move this section and its sub-section to the “In-Lab” section if imaging was performed in lab instead of onsite]
Preparation

Forensic Duplication (Imaging)

Summary of the In-Lab Forensic Examination
[introductory paragraph]
Pre-Processing

Examination and Analysis of the [physical or logical media]

Files and Folders: Examination and Analysis of the File Systems

Summary of Findings
[introduction paragraph]
1. Question 1 [list question here]

2. Question 2 [list question here]

[add additional questions if necessary]

Summary Conclusions


Appendix A: Recovered Files

[These are the files which you found to be of forensic interest. Provide contents or screen snapshots showing contents of actual files for text, email, short documents, spreadsheets, thumbnails of images, etc. For large files or complex content, provide a screen snapshot of the first screen or page and then provide the file name and file location in the delivery package.]


Appendix B: Supporting Documentation
1.
2.
3.
4.

[This section can include copies of the client’s policies which impact this case report, e.g. an Acceptable Use Policy. This section should also include or provide reference to Employee Agreements, Non-Disclosure Agreements, etc.]


Appendix C: Glossary and Bibliography
Glossary of Terms
A
B
C

Bibliography
1.
2.
3.
4.
5.

Appendix D: Schedule of Forensics Equipment and Software
Forensics Laboratory: [name, location].
1. Forensic Software and Hardware Used in this Examination:
a.
b.
2. Forensic Workstation Configurations:
a. Computer Name:
i. Machine Type:
ii. Network Connection:
iii. Operating System:
iv. Anti Virus:
b. Computer Name:
i. Machine Type:
ii. Network Connection:
iii. Operating System:
iv. Anti Virus:
3. Local Area Network Configuration:
a. Wired:
b. Wireless:
i. Wireless Access Point:
ii. Wireless Security:
1.
2.
4. Internet Connection:
a. Internet Services Provider (ISP):
b. Premises Router:
c. Firewall:
Virtual Forensics Laboratory: access provided by University of Maryland Global Campus, Adelphi MD 20783. Used with permission. [modify this section to show actual tools used]
i. Accessed via VMware® Horizon View™ Version 5.4.0 build 1219906
ii. Windows 7 Enterprise
iii. AccessData Forensic Toolkit Imager [insert version]
iv. AccessData Forensic Toolkit v. [insert version]
v. AccessData Password Recovery Toolkit [insert version]

Appendix E: Policies
Attestation of Ownership and Licensing Status
All hardware and software used to conduct this examination is owned by, licensed to, or authorized for use by ______________. Operating systems and software applications used in the conduct of this examination were used in accordance with the terms and conditions of the vendors’ End User Licensing Agreements (EULA).
Attestation of Anti-Virus Software Use
The computer system used to conduct this forensic examination is protected by commercial anti-virus software (___________) which provided real-time anti-virus and anti-malware protection. Virus definition files were configured for automatic updates [time period].
Policies
[Suggested policies are listed below. Generate your own policy statements and insert them in the sections below. Remove blank sections / policies]
P.001.2002: Scope of Practice & Statement of Ethical Practices

P.002.2002: Evidence: Access / Transfer / Return

P.003.2002: Case/Evidence Numbering

P.004.2002: Verification/Validation
Evidence:
Hardware and Software:
Verification and Validation:
P.005.2002: Sterile Media

P.006.2002: Write Blocking

P.007.2002: On Site Examinations

P.008.2002: Software Licensing

P.009.2002: Evidence Handling

P.010.2002: Chain of Custody

P.011.2002: Shipping and Transmittal of Evidence and Reports
First/Second Party Transfers:
Third Party Transfers:
Common Requirements for All Transfers:
Preference for Electronic Transfer of Reports:
Encrypted Transfer:
P.012.2002: Evidence Maintenance and Disposal


P.013.2002: Examinations Involving Child Pornography

P.014.2002: Use of Virtualization and Cloud Computing for Forensic Examinations


Appendix F: Examiner Resume & Credentials
Examiner: [name]
Experience Summary

Certifications and Credentials
• [never list anything here that you do not yet have]
Education
• [never list anything here that you do not yet have]
