Appropriate method ...
 
Notifications
Clear all

Appropriate method for presenting artifacts from an Encase

5 Posts
5 Users
0 Likes
1,210 Views
(@geggs)
Posts: 2
New Member
Topic starter
 

Hi All,

I'm practicing analyzing an image file using Encase trying to find artifacts which I did. However, what is the most appropriate method for presenting artifacts from the Encase case into a forensic report?

Cheers

GG

 
Posted : 16/06/2019 4:11 am
(@athulin)
Posts: 1156
Noble Member
 

I'm practicing analyzing an image file using Encase trying to find artifacts which I did. However, what is the most appropriate method for presenting artifacts from the Encase case into a forensic report?

Usually, it's the one that makes the readers of that report able to see the relevant information without any loss of information, and without any ambiguity. And that's in the eyes of the readers.

I have not kept up with recent releases of EnCase, but I'd expect that it still provides its own reporting module. That may be the best thing for the analyst, but it won't help you with disposition, and unintelligent or uninformed use of it will make for singularly unreadable reports.

 
Posted : 16/06/2019 6:38 am
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

I'm practicing analyzing an image file using Encase trying to find artifacts which I did. However, what is the most appropriate method for presenting artifacts from the Encase case into a forensic report?

What are your analysis goals? What are you attempting to prove or disprove? Who is your audience?

 
Posted : 16/06/2019 12:27 pm
jpickens
(@jpickens)
Posts: 130
Estimable Member
 

As a starting point, you could bookmark all your items that you want to be in the report and use the built in report module. From there, I would export to Word and build my report and format it accordingly.

 
Posted : 17/06/2019 1:09 pm
kastajamah
(@kastajamah)
Posts: 109
Estimable Member
 

I'm practicing analyzing an image file using Encase trying to find artifacts which I did. However, what is the most appropriate method for presenting artifacts from the Encase case into a forensic report?

What are your analysis goals? What are you attempting to prove or disprove? Who is your audience?

This is a valid point. Is your audience/stakeholders technical or non-technical? What have they asked you to find? What I have done in the past is, I create a narrative report documenting my process, analysis, and findings. My findings are based on what they have asked for and anything supporting what they have asked for or proving that what they have asked for is not there. I then hyperlink to my report the relevant artifacts that I found in EnCase.

 
Posted : 17/06/2019 1:18 pm
Share: