Appropriate method ...
 
Notifications
Clear all

Appropriate method for presenting artifacts from an Encase  

  RSS
Geggs
(@geggs)
New Member

Hi All,

I'm practicing analyzing an image file using Encase trying to find artifacts which I did. However, what is the most appropriate method for presenting artifacts from the Encase case into a forensic report?

Cheers

GG

Quote
Posted : 16/06/2019 5:11 am
athulin
(@athulin)
Community Legend

I'm practicing analyzing an image file using Encase trying to find artifacts which I did. However, what is the most appropriate method for presenting artifacts from the Encase case into a forensic report?

Usually, it's the one that makes the readers of that report able to see the relevant information without any loss of information, and without any ambiguity. And that's in the eyes of the readers.

I have not kept up with recent releases of EnCase, but I'd expect that it still provides its own reporting module. That may be the best thing for the analyst, but it won't help you with disposition, and unintelligent or uninformed use of it will make for singularly unreadable reports.

ReplyQuote
Posted : 16/06/2019 7:38 am
keydet89
(@keydet89)
Community Legend

I'm practicing analyzing an image file using Encase trying to find artifacts which I did. However, what is the most appropriate method for presenting artifacts from the Encase case into a forensic report?

What are your analysis goals? What are you attempting to prove or disprove? Who is your audience?

ReplyQuote
Posted : 16/06/2019 1:27 pm
jpickens
(@jpickens)
Active Member

As a starting point, you could bookmark all your items that you want to be in the report and use the built in report module. From there, I would export to Word and build my report and format it accordingly.

ReplyQuote
Posted : 17/06/2019 2:09 pm
kastajamah
(@kastajamah)
Member

I'm practicing analyzing an image file using Encase trying to find artifacts which I did. However, what is the most appropriate method for presenting artifacts from the Encase case into a forensic report?

What are your analysis goals? What are you attempting to prove or disprove? Who is your audience?

This is a valid point. Is your audience/stakeholders technical or non-technical? What have they asked you to find? What I have done in the past is, I create a narrative report documenting my process, analysis, and findings. My findings are based on what they have asked for and anything supporting what they have asked for or proving that what they have asked for is not there. I then hyperlink to my report the relevant artifacts that I found in EnCase.

ReplyQuote
Posted : 17/06/2019 2:18 pm
Share: