What is the Computer Forensic Report Format?
Forensics is the application of science to criminal investigations and can incorporate a wide array of sciences, from material science to clairvoyants. A forensic report simply and concisely outlines the substantive evidence in a criminal case.
Forensic report writing may prove difficult and daunting because it usually requires analyses of technical data, presented in a readable, easy-to-follow format. Nevertheless, a forensic report follows the same basic rules and conventions expected of any report.
Tools for Generation of Report
The tools used to generate the report are as follows −
Raw format
The raw format makes it possible to write bit-stream data to files.
The advantages of raw format are as follows −
Fast data transfers
Ignores minor data read errors on source drive
Most computer forensics tools can read raw format.
The disadvantages of raw format are as follows −
It requires as much storage as the original disk or data.
Tools might not collect marginal (bad) sectors.
Proprietary formats
Most forensics tools have their own formats
The features offered in proprietary format are as follows −
Option to compress or not compress image files.
Can split an image into smaller segmented files.
Can integrate metadata into the image file.
The disadvantages of proprietary format are as follows −
An image cannot be shared between different tools.
File size limitation for each segmented volume.
The Expert Witness format is an unofficial standard.
FTK and EnCase use it.
Advanced forensics format
This format was developed by Dr. Simson L. Garfinkel as an open-source acquisition format. Its design goals include providing compressed or uncompressed image files.
There is no size restriction for disk-to-image files, and it can provide space in the image file or segmented files for metadata.
It has a simple, extensible design and is open source for multiple platforms and operating systems. Moreover, it has internal consistency checks for self-authentication.
File extensions in advanced forensics format include the following −
.aff – variation that stores all data and metadata in a single file
.afm – variation that stores all the data and metadata in separate files
.afd – variation that stores all the data and metadata in multiple small files
AFF is open source
Process for acquiring data
Given below are the steps to acquire data with regards to the Computer Forensic Report Format −
Step 1 − Choose Acquisition Method
Step 2 − Snapshot the System
Step 3 − Acquire Volatile System Data
Step 4 − Securing and Transporting the System
Step 5 − Prepare Drive
Step 6 − Perform Acquisition
Step 7 − Validate
Step 8 − Contingency Planning
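The raw format described above, together with Steps 6 and 7, as an added example that is not part of the original page: a bit-stream copy that zero-fills unreadable blocks and records their offsets, followed by validation. SHA-256, the 4096-byte block size, the file names and every function name are assumptions made for the illustration; the "source drive" is a constructed temporary file.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # assumed read size

def acquire_raw(src_path, dst_path, block=BLOCK):
    """Bit-stream copy to a raw image; returns (sha256 of written image, bad offsets)."""
    digest, bad_offsets, offset = hashlib.sha256(), [], 0
    size = os.path.getsize(src_path)  # regular file; a block device needs its own size query
    with open(src_path, "rb", buffering=0) as src, open(dst_path, "wb") as dst:
        while offset < size:
            want = min(block, size - offset)
            try:
                src.seek(offset)
                chunk = src.read(want)
            except OSError:
                # Unreadable block: zero-fill so later offsets stay aligned, and record it.
                chunk = b"\x00" * want
                bad_offsets.append(offset)
            if not chunk:
                break
            dst.write(chunk)
            digest.update(chunk)
            offset += len(chunk)
    return digest.hexdigest(), bad_offsets

def sha256_file(path, block=BLOCK):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(block), b""):
            h.update(chunk)
    return h.hexdigest()

def validate(src_path, dst_path, acquired_digest, bad_offsets):
    """image_ok: image re-hashes to the acquisition digest. source_ok: no block was zero-filled and the source hashes the same."""
    image_ok = sha256_file(dst_path) == acquired_digest
    source_ok = not bad_offsets and sha256_file(src_path) == acquired_digest
    return image_ok, source_ok

def demo():
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "source.bin"), os.path.join(d, "image.dd")
        with open(src, "wb") as f:
            f.write(os.urandom(10_000))  # constructed stand-in for a source drive
        digest, bad = acquire_raw(src, dst)
        return os.path.getsize(dst), bad, validate(src, dst, digest, bad)
```

The image is exactly as large as the source, which is the storage cost listed among the raw format's disadvantages, and any recorded bad offsets belong in the report because the image then no longer hashes to the same value as the source.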