1 / 44

COS 413

COS 413. Day 23. Agenda. Assignment 7 not corrected yet Will be corrected tomorrow Second Capstone Progress reports OVER Due Did not receive any reports Lab 8 Write up due Nov 19 (tomorrow) Lab 9 & 10 in N105 tomorrow Kidnapping case will run through Dec 12 Quiz 3 Corrected

elvis-cline
Download Presentation

COS 413

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. COS 413 Day 23

  2. Agenda • Assignment 7 not corrected yet • Will be corrected tomorrow • Second Capstone Progress reports OVER Due • Did not receive any reports • Lab 8 Write up due Nov 19 (tomorrow) • Lab 9 & 10 in N105 tomorrow • Kidnapping case will run through Dec 12 • Quiz 3 Corrected • 4 A’s, 4 B;s and 1 C • Essays should be scored on 6 points and not 5 • Discussion on Report Writing for High-Tech Investigations

  3. Lectures Today Chap 14 Nov 21 Chap 14 Assignment 8 Due Nov 25 Chap 15 Dec 2 Chap 15 Assignment 9 Due Dec 5 Chap 16 Dec 9 Chap 16 Assignment 10 Due Dec 12 Quiz 4 Chap 13, 14 & 15 Labs Nov 19 – Final lab part 1 – Kidnapping case N105 Nov 28 – thanksgiving break Dec 3 – Final lab part 2 – Kidnapping case Dec 10 – Final lab part 3 – Kidnapping case Final lab will count as two labs (lab 9 &10) Write-up will be due Dec 12 Capstone presentations Dec 19 @ 1 PM Rest of Semester

  4. Guide to Computer Forensics and InvestigationsThird Edition Chapter 14 Report Writing for High-Tech Investigations

  5. Objectives • Explain the importance of reports • Describe guidelines for writing reports • Explain how to use forensics tools to generate reports Guide to Computer Forensics and Investigations

  6. References • Two References • Federal Rules of Evidence • http://www.law.cornell.edu/rules/fre/ • Federal Rules of Civil Procedures • http://www.law.cornell.edu/rules/frcp/

  7. Understanding the Importance of Reports • Communicate the results of your investigation • Including your expert opinion • Courts require expert witness to submit written reports • Written report must specify fees paid for the expert’s services • And list all other civil or criminal cases in which the expert has testified • Deposition banks • Examples of expert witness’ previous testimonies • http://www.trialsmith.com/TS/ Guide to Computer Forensics and Investigations

  8. Limiting a Report to Specifics • All reports to clients should start with the job mission or goal • Find information on a specific subject • Recover certain significant documents • Recover certain types of files • Before you begin writing, identify your audience and the purpose of the report Guide to Computer Forensics and Investigations

  9. Types of Reports • Computer forensics examiners are required to create different types of reports • Examination plan • What questions to expect when testifying • Attorney uses the examination plan to guide you in your testimony • You can propose changes to clarify or define information • Helps your attorney learn the terms and functions used in computer forensics Guide to Computer Forensics and Investigations

  10. Guide to Computer Forensics and Investigations

  11. Types of Reports (continued) • Verbal report • Less structured • Attorneys cannot be forced to release verbal reports • Preliminary report • Addresses areas of investigation yet to be completed • Tests that have not been concluded • Interrogatories • Document production • Depositions Guide to Computer Forensics and Investigations

  12. Types of Reports (continued) • Written report • Affidavit or declaration • Limit what you write and pay attention to details • Include thorough documentation and support of what you write Guide to Computer Forensics and Investigations

  13. Investigation Reports For civil cases, The United States District Courts require that expert witnesses submit written reports. State courts are also starting to require reports from expert witnesses. Rule 26 of the Federal Rules of Civil Procedure requires that the written report include: • All opinions • The basis for the opinions • The information that was considered in coming to the opinions • Related exhibits, such as photographs or diagrams • The curriculum vitae of the witness that lists all publications the witness wrote during the preceding ten years • The fees paid for the expert’s services • A list of all other civil or criminal cases in which the expert has testified, in trial and deposition as an expert, for the preceding four years

  14. Expressing an Opinion • Although it is not used as much today, the long preferred method for expressing an opinion has been to frame a hypothetical question based on factual evidence that is available. • Example: • Attorney: Mr. Expert, In your opinion, if you where asked to forensically examine a floppy disk and in the course of the forensics examination you discovered legible data in the unallocated portions of the disc, would you find this suspicious? Guide to Computer Forensics and Investigations

  15. Expressing an Opinion As an expert witness, you may testify to an opinion, or conclusion, if four basic conditions are met: 1. The opinion, inferences, or conclusions, depend on special knowledge, skill, or training not within the ordinary experience of lay jurors. 2. The witness must be shown to be qualified as a true expert in the particular field of expertise. Guide to Computer Forensics and Investigations

  16. Expressing an Opinion 3. The witness must testify to a reasonable degree of certainty regarding his or her opinion, inference, or conclusion. 4. Expert witness’s must first describe the data on what the opinion, inference, or conclusion, is based or, in the alternative, he or she must testify in response to a hypothetical question that sets forth the underlying evidence. Guide to Computer Forensics and Investigations

  17. Guide to Computer Forensics and Investigations

  18. Guidelines for Writing Reports • Hypothetical questions based on factual evidence • Less favored today • Guide and support your opinion • Can be abused and overly complex • Opinions based on knowledge and experience • Exclude from hypothetical questions • Facts that can change, cannot be used, or are not relevant to your opinion Guide to Computer Forensics and Investigations

  19. Guidelines for Writing Reports (continued) • As an expert witness, you may testify to an opinion, or conclusion, if four basic conditions are met: • Opinion, inferences, or conclusions depend on special knowledge or skills • Expert should qualify as a true expert • Expert must testify to a certain degree of certainty • Experts must describe facts on which their opinions are based, or they must testify to a hypothetical question Guide to Computer Forensics and Investigations

  20. What to Include in Written Preliminary Reports • Anything you write down as part of your examination for a report • Subject to discovery from the opposing attorney • Considered high-risk documents • Spoliation • Destroying the report could be considered destroying or concealing evidence • Include the same information as in verbal reports Guide to Computer Forensics and Investigations

  21. What to Include in Written Preliminary Reports (continued) • Additional items to include in your report: • Summarize your billing to date and estimate costs to complete the effort • Identify the tentative conclusion (rather than the preliminary conclusion) • Identify areas for further investigation and obtain confirmation from the attorney on the scope of your examination Guide to Computer Forensics and Investigations

  22. Report Structure • Structure • Abstract • Table of contents • Body of report • Conclusion • References • Glossary • Acknowledgements • Appendixes Guide to Computer Forensics and Investigations

  23. Writing Reports Clearly • Consider • Communicative quality • Ideas and organization • Grammar and vocabulary • Punctuation and spelling • Lay out ideas in logical order • Build arguments piece by piece • Group related ideas and sentences into paragraphs • Group paragraphs into sections Guide to Computer Forensics and Investigations

  24. Writing Reports Clearly (continued) • Avoid jargon, slang, and colloquial terms • Define technical terms • Consider your audience • Consider writing style • Use a natural language style • Avoid repetition and vague language • Be precise and specific • Use active rather than passive voice • Avoid presenting too many details and personal observations Guide to Computer Forensics and Investigations

  25. Writing Reports Clearly (continued) • Include signposts • Draw reader’s attention to a point • Writing Style guides • http://www.lib.ipfw.edu/1063.0.html • http://www.calstatela.edu/library/styleman.htm Guide to Computer Forensics and Investigations

  26. Designing the Layout and Presentation of Reports • Decimal numbering structure • Divides material into sections • Readers can scan heading • Readers see how parts relate to each other • Legal-sequential numbering • Used in pleadings • Roman numerals represent major aspects • Arabic numbers are supporting information Guide to Computer Forensics and Investigations

  27. Designing the Layout and Presentation of Reports (continued) • Providing supporting material • Use material such as figures, tables, data, and equations to help tell the story as it unfolds • Formatting consistently • How you format text is less important than being consistent in applying formatting • Explaining examination and data collection methods • Explain how you studied the problem, which should follow logically from the purpose of the report Guide to Computer Forensics and Investigations

  28. Designing the Layout and Presentation of Reports (continued) • Including calculations • If you use any hashing algorithms, be sure to give the common name • Providing for uncertainty and error analysis • Protect your credibility • Explaining results and conclusions • Explain your findings, using subheadings to divide the discussion into logical parts • Save broader generalizations and summaries for the report’s conclusion Guide to Computer Forensics and Investigations

  29. Designing the Layout and Presentation of Reports (continued) • Providing references • Cite references by author’s last name and year of publication • Follow a standard format • Including appendixes • You can include appendixes containing material such as raw data, figures not used in the body of the report, and anticipated exhibits • Arrange them in the order referred to in the report Guide to Computer Forensics and Investigations

  30. Example reports & resources • http://www.vpcomm.umich.edu/admissions/legal/expert/gurintoc.html • http://www.vpcomm.umich.edu/admissions/legal/expert/steele.html • http://www.elawexchange.com/index.php?option=com_content&view=article&id=89:selecting-forensics-expert&catid=77:computer-forensics- • http://federalevidence.com/node/202 • http://www.strozllc.com/services/xprServiceDetailSF.aspx?xpST=ServiceDetail&service=1&op=Pubs Guide to Computer Forensics and Investigations

  31. Generating Report Findings with Forensics Software Tools • Forensics tools generate reports when performing analysis • Report formats • Plaintext • Word processor • HTML format Guide to Computer Forensics and Investigations

  32. Using ProDiscover Basic to Generate Reports • Create a new project • Add an image file to the project • Search for file extensions Guide to Computer Forensics and Investigations

  33. Guide to Computer Forensics and Investigations

  34. Using ProDiscover Basic to Generate Reports (continued) Guide to Computer Forensics and Investigations

  35. Using FTK Demo to Generate Reports • Create a new case • Add evidence to the case • Analyze evidence with FTK • Look for image files • Locate encrypted files • Search for specific keywords • Indexed search • Live search Guide to Computer Forensics and Investigations

  36. Using FTK Demo to Generate Reports (continued) Guide to Computer Forensics and Investigations

  37. Using FTK Demo to Generate Reports (continued) Guide to Computer Forensics and Investigations

  38. Using FTK Demo to Generate Reports (continued) • Create bookmarks • Generate a report from your bookmarks Guide to Computer Forensics and Investigations

  39. Using FTK Demo to Generate Reports (continued) Guide to Computer Forensics and Investigations

  40. Using FTK Demo to Generate Reports (continued) Guide to Computer Forensics and Investigations

  41. Using FTK Demo to Generate Reports (continued) Guide to Computer Forensics and Investigations

  42. Summary • All U.S. district courts and many state courts require expert witnesses to submit written reports • Attorneys use deposition banks to research expert witnesses’ previous testimony • Reports should answer the questions you were retained to answer • A well-defined report structure contributes to readers’ ability to understand the information you’re communicating Guide to Computer Forensics and Investigations

  43. Summary (continued) • Clarity of writing is critical to a report’s success • Convey a tone of objectivity and be detached in your observations Guide to Computer Forensics and Investigations

More Related