The purpose of conducting forensic analysis or investigations on a computer or information technology system is to unravel an incident and expose a crime. The information gathered during the investigation has numerous uses; it could be for organizational consumption or for use in court. Regardless of how the information will be consumed, it is imperative for the investigators to ensure that the report made following a successful investigation meets scientific and legal standards (Sammons, 2012). If a report created by the forensics team fails to meet the scientific thresholds and legal requirements for a standard forensic report, the information it contains will be of no help either in court or in the organization.
Scientific validity is an important aspect that the report should uphold. Information contained in the report should be backed by valid scientific facts. For example, when describing a security breach, the report should give details about the time, the files, and the log files that were affected. The team should provide readable softcopy or hardcopy printouts to show how the system was compromised and affected (Sammons, 2012). The report should also indicate the tools, as well as the methods, used to acquire the evidence, because the court cannot admit wrongly acquired information as evidence in a criminal proceeding. Courts will only accept information acquired following the right scientific and legal procedures and tools.
Legal validity is another key component of digital forensic reports. When writing the report, the forensics team should always ensure that it is operating within legal confines, to avoid criminal proceedings against its members for breaking the laws that govern digital forensics (Casey, 2011). The report should use legal facts to show that a policy was compromised, which led to the threat to, or theft of, digital information. The team should use legal guidelines such as HIPAA, among others, to guide them when writing forensic reports.
In summary, the forensics team should include all the information about the log files, email logs, file uploads, file downloads, and the methods used to access the information. During forensic investigations, the investigative team looks for clues about criminal activities through many sources, both hardware and software. They look for evidence in network logs, file downloads and uploads, shared files on storage devices, and volatile memory such as RAM (Adam, 2016). The report created by the forensics team should summarize all the details found in the accessed files and logs. Information captured in these files is critical when reporting a digital crime to the court and to the organization. Such information forms the basis of criminal prosecution in court and a foundation for the organization to strengthen its information and data security policies. Therefore, the report should cover every detail about the accessed files and the information retrieved from them.
The forensic team uses different tools to mine evidence from the different devices in the system. The tools differ, and each is specific to the kind of file the investigators want to examine; the tools used to analyze storage devices and those used for live analysis are not the same. For this reason, the report should indicate all the tools and methods used to collect evidence from the system (Adam, 2016). Information about the hardware and software tools used in data collection and analysis is vital when organizing a forensic evidence report. In this case, the tools used were email viewers, image viewers, internet history tools, acquisition tools used for password cracking, and open source data discovery tools. These tools were used for various activities related to data acquisition, preservation, and examination. They were used to acquire details that confirmed the occurrence of criminal activity on the computer system.
Information preservation involves ensuring that the data collected during forensic investigations is protected from undue interference and security threats. It is undertaken to protect forensic evidence against threats that might come from myriad sources, including people within the organization who fear that the process might find them guilty of data theft (Adam, 2016). Data preservation involves converting the information between formats for readability, creating images of the various documents accessed and analyzed during the investigation, printing all the documents, and archiving them for use during the court proceeding and for reporting to the executive members. The information is archived and kept safely on storage devices that are inaccessible to unauthorized persons.
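The preservation step described above is only as strong as the investigator's ability to prove, later, that the archived copies were not altered. The following script is an added illustration of one way to make that provable; it is not taken from the essay or from the cited sources. It builds a SHA-256 manifest over an evidence tree, re-verifies the tree against that manifest, and appends chain-of-custody entries. The directory layout, file names and the single log line it works on are constructed sample data, not case evidence.

```python
"""Evidence preservation helper (added illustration; constructed sample data).

Builds a SHA-256 manifest over an evidence tree, re-verifies it later, and
appends chain-of-custody entries so that any undue interference with the
archived copies is detectable and the handling history is documented.
"""
import datetime
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large disk images need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the tree against a stored manifest.

    Returns the files whose content changed, the files that vanished, and the
    files that appeared after the manifest was taken; each is a custody problem.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def record_custody(log_path: Path, action: str, actor: str, detail: str) -> dict:
    """Append one chain-of-custody entry as a JSON line and return it.

    The log lives outside the evidence tree so it never shows up as an
    'unexpected' file in a later verification.
    """
    entry = {
        "timestamp": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "action": action,
        "actor": actor,
        "detail": detail,
    }
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry) + "\n")
    return entry


def demo() -> dict:
    """Run the workflow on constructed sample evidence and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        case = Path(tmp)
        evidence = case / "evidence"
        (evidence / "logs").mkdir(parents=True)
        (evidence / "uploads").mkdir()
        # Constructed sample content, standing in for acquired logs and files.
        (evidence / "logs" / "auth.log").write_text(
            "Jan 10 03:14:07 host sshd[812]: Accepted password for admin from 203.0.113.5\n"
        )
        (evidence / "uploads" / "export.csv").write_bytes(b"abc")
        custody_log = case / "custody.jsonl"

        # Acquisition: hash everything and log who took the manifest.
        manifest = build_manifest(evidence)
        record_custody(custody_log, "acquire", "analyst1", f"manifest of {len(manifest)} files")
        clean = verify_manifest(evidence, manifest)

        # Simulated undue interference with the archive: an edit, a deletion, an addition.
        (evidence / "logs" / "auth.log").write_text("tampered\n")
        (evidence / "uploads" / "export.csv").unlink()
        (evidence / "notes.txt").write_text("added later\n")
        tampered = verify_manifest(evidence, manifest)
        record_custody(custody_log, "verify", "analyst2", json.dumps(tampered))

        entries = custody_log.read_text(encoding="utf-8").splitlines()
        return {
            "manifest": manifest,
            "clean": clean,
            "tampered": tampered,
            "custody_entries": len(entries),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the manifest and the custody log are themselves signed or stored on write-once media, and the manifest digests are what the report quotes next to each exhibit, so that the court can tie a printed page back to the exact bytes that were acquired.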
From the investigation, it is clear that the organization needs to tighten its computer network security. It needs to install and maintain firewalls, among other security measures, to protect its information from software and hardware threats. The file downloads and uploads showed that someone might have gained unauthorized access to the system and got away with important information (Adam, 2016). The organization also needs to acquire vulnerability resources that will give it constant updates about the system's vulnerabilities. Vulnerability resources will give the organization timely risk and threat updates to prevent future attacks on the system.
In conclusion, reporting on forensic investigations should prove scientific validity, follow legal procedures for acquiring forensic data, and align with organizational data policies. Organizational data policies are always in line with the statutory regulations specific to the industries in which the enterprise operates (Casey, 2011). When making the report, the team should provide all the pieces of evidence collected, analyzed, and summarized in it. This gives the report and the process the scientific and legal validity required by the court. If the report fails to meet the legal and scientific requirements, the entire process will be futile.
- Adam, C. (2016). Forensic Evidence in Court: Evaluation and Scientific Opinion.
- Casey, E. (2011). Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet. Burlington: Elsevier Science.
- Sammons, J. (2012). The basics of digital forensics: The primer for getting started in digital forensics. Amsterdam: Elsevier/Syngress.