This document provides information on the proposed style guide for writing a Computer Forensic Report. In particular, this document provides guidelines on the report contents, the report structure, the referencing format, and the sentence structure.
It is proposed that a Computer Forensic Report include the following sections (“A Template for Computer Forensics Report,” n.d.):
- Executive summary – This section provides a summary of the most important points that are made in the report, so that the reader can get a quick and comprehensive overview of what is contained in the report.
- Background to the case – This section provides an overview of the case being investigated.
- Objectives – This section provides information on the objectives that the forensic investigation aims to achieve.
- Computer Evidence Analyzed – This section provides information on the various computer forensic evidences that have been gathered and analyzed. In particular, this section can include subsections for the following:
- Initial Examination
- Registry Information
- Image Scan Results
- Virus Scan Results
- Password-protected or encrypted files
- Scripts
- Searches
(Computer Forensics Report Template, 2009)
- Relevant findings – This section provides information on the results of the various data and computer analyses that were performed.
- Supporting details – This section provides further information that would support the findings that were obtained from the analyses.
- Investigative leads – This section provides information that can be used for the successful resolution of the investigation. These may have been obtained from the analyses that were previously conducted.
- Other subsections – Other subsections that can be added to the report include subsections on the Internet Activity, User Applications, Attacker Methodology, and Recommendations.
Report Structure
The following structure should be followed for the Computer Forensic Report:
- First Level Heading – This heading should be numbered with a Roman numeral. It should not be indented and should be in bold.
Example:
- Background to the Case
- Objectives
- Computer Evidence
- Second Level Heading – This heading should be numbered with an Arabic numeral and indented below the First Level Heading. It should also be in bold.
Example:
- Computer Evidence
- Initial Examination
- Registry Information
- Image Scan Results
- Third Level Heading – This heading should be numbered with lowercase letters and indented below the Second Level Heading. They should not be in bold.
Example:
- Computer Evidence
- Initial Examination
- Registry Information
- Image Scan Results
- Result 1
- Result 2
- Result 3
Referencing
For any information needs to be referenced, in-text citations and a References page should be added. The format should conform to the APA referencing style (Purdue Online Writing Lab, 2013).
Sentence Structure
– Use the active voice. This is more easily understood than the passive voice.
– Use the present tense. This enhances the readability of the paper.
– Refrain from using the first or second person. Use only the third person to denote the objectivity of the information being presented by the report.
– Refrain from writing long sentences. Break them down into smaller sentences.
– Write short paragraphs to ensure that a paragraph talks about only one topic. This enhances the reader’s comprehension of the text.
References
A template for computer forensic reports. (n.d.). Retrieved from
http://my.safaribooksonline.com/book/networking/forensic-analysis/9
780072226966/writing-computer-forensic-reports/ch17lev1sec3.
Computer forensics report template. (2009). Retrieved from http://computer-
forensics.privacyresources.org/forensic-template.htm.
Purdue Online Writing Lab. (2013). General APA guidelines. Retrieved from
http://owl.english.purdue.edu/owl/resource/560/01/.