Writing guide for computer forensic examiners
Your training supervisor has asked you to research and recommend a writing guide which will be used by the future investigators in your computer forensics investigation unit to write official reports.
You should also research professional associations for writing guidelines. In a 2- to 3-page Microsoft Word document, combine guidelines from different sources while formulating your recommendations for a technical and legal writing guide for computer forensic examiners. Support your responses with examples.
Cite any sources in APA format.
Here is something you can use for a guide.
It is very important to communicate the meaning of the evidence; otherwise you can’t do anything with it. The presentation of the evidence should be such that even a layman can understand it easily.
The examiner is responsible for reporting his or her findings and the results of the analysis of the digital evidence examination in an accurate manner. Documentation is an ongoing process throughout the examination. Steps taken during the examination of the digital evidence should be recorded properly.
The entire documentation should be complete, accurate, and comprehensive. The resulting report should be written for the intended audience.
It is crucial to record and document everything that is done and used during the investigation. This ensures that the procedure is repeatable. These records and documents can be extensive, as the job of the investigator is to identify and report on the facts. The level of detail can make or break an investigation. As an investigator, one should never take a shortcut in documentation by omitting relevant information. Even minute details, such as who initially reported the suspected incident along with the time, date, and circumstances surrounding it, should be recorded during an investigation. Also, details of the initial assessment leading to the formal investigation should be recorded.
In addition, it is important to record the names of all persons conducting the investigation. The case number of the incident and the reasons for the investigation should also be recorded. Furthermore, a list of all computer systems included in the investigation along with complete system specifications should be recorded. Network diagrams and applications running on the computer systems previously listed should be recorded. Also, a copy of the policy or policies that relate to accessing and using the systems previously listed should be recorded. A list of administrators responsible for the routine maintenance of the system as well as a detailed list of steps used in collecting and analyzing evidence should be recorded. Finally, an access control list of who had access to the collected evidence at what date and time should be recorded.
Today, all scientific examinations are rigorously tested and documented. When scientific information, especially digital evidence, is presented in court, even judges, attorneys, and examiners struggle to understand or effectively present the technology. At times, prosecutors and defense attorneys with large caseloads and severe time constraints struggle to comprehend even the basic concepts.
Effective courtroom testimony is a critical component of the examiner’s duties. The ability to effectively communicate an understanding of the science, technology, and test analyses involved with a particular case to non-scientists is essential. Maintaining objectivity, professionalism, and scientific integrity is absolutely necessary and will avoid many of the pitfalls that examiners may otherwise face.