What is the Computer Forensic Report Format?



Forensics is the application of science to criminal investigations and can incorporate a wide array of sciences from material science to clairvoyants. A forensic report simply and concisely summarizes the substantive evidence in a criminal case.

Forensic report writing may prove difficult and daunting because it usually demands analyses of technical data, presented in a readable, easy-to-follow format. Nevertheless, a forensic report basically follows the same essential rules and conventions expected of any report.

Tools for Generation of Report

The tools used to generate a report are as follows −

Raw format

The raw format method makes it possible to write bit-stream data to files.

The advantages of raw format are as follows −

  • Fast data transfers

  • Ignores minor data read errors on source drive

  • Most computer forensics tools can read raw format.

The disadvantages of raw format are as follows −

  • It requires as much storage as the original disk or data.

  • Tools might not collect marginal (bad) sectors.

Proprietary formats

Most forensics tools have their own formats.

The features offered in proprietary format are as follows −

  • Option to compress or not compress image files.

  • Can split an image into smaller segmented files.

  • Can integrate metadata into the image file.

The disadvantages of proprietary format are as follows −

  • Inability to share an image between different tools.

  • File size limitation for each segmented volume.

  • The Expert Witness format is an unofficial standard.

  • FTK and EnCase use it.

Advanced forensics format

This format was developed by Dr. Simson L. Garfinkel as an open-source acquisition format. Its design goals include providing compressed or uncompressed image files.

There is no size restriction for disk-to-image files, and it can provide space in the image file or segmented files for metadata.

It has a simple design with extensibility and is open source for multiple platforms and operating systems. Moreover, it has internal consistency checks for self-authentication.

File extensions in advanced forensics format include the following −

  • .aff – variation that stores all data and metadata in a single file

  • .afm – variation that stores all the data and metadata in separate files

  • .afd – variation that stores all the data and metadata in multiple small files

  • AFF is open source

Process for acquiring data

Given below are the steps to acquire data with regard to the Computer Forensic Report Format −

  • Step 1 − Choose Acquisition Method

  • Step 2 − Snapshot the System

  • Step 3 − Acquire Volatile System Data

  • Step 4 − Securing and Transporting the System

  • Step 5 − Prepare Drive

  • Step 6 − Perform Acquisition

  • Step 7 − Validate

  • Step 8 − Contingency Planning
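The raw-format trade-offs and Steps 6 and 7 above, shown as an added Python example that is not part of the original page: a block-by-block raw acquisition that keeps going past unreadable blocks, logs their offsets, and validates the finished image by hash. `FlakySource`, `acquire_raw`, `validate`, the 512-byte block size, the zero-fill handling of bad blocks and the sample data are assumptions constructed for illustration.

```python
import hashlib
import io

BLOCK = 512  # assumed sector size for this example


class FlakySource(io.BytesIO):
    """Constructed stand-in for a source drive; reads at bad offsets fail."""

    def __init__(self, data, bad_offsets=()):
        super().__init__(data)
        self.bad_offsets = set(bad_offsets)

    def read(self, size=-1):
        if self.tell() in self.bad_offsets:
            raise OSError(5, "Input/output error")
        return super().read(size)


def acquire_raw(source, image, size, block=BLOCK):
    """Copy `size` bytes into a raw image; return (sha256 hex, bad offsets)."""
    digest, bad = hashlib.sha256(), []
    for offset in range(0, size, block):
        want = min(block, size - offset)
        source.seek(offset)
        try:
            chunk = source.read(want)
        except OSError:
            chunk = b""
        if len(chunk) < want:  # failed or short read: log it, keep offsets aligned
            bad.append(offset)
            chunk = chunk.ljust(want, b"\x00")
        image.write(chunk)
        digest.update(chunk)
    return digest.hexdigest(), bad


def validate(image, expected_hex, block=BLOCK):
    """Step 7: re-read the finished image and compare it to the acquisition hash."""
    image.seek(0)
    digest = hashlib.sha256()
    for chunk in iter(lambda: image.read(block), b""):
        digest.update(chunk)
    return digest.hexdigest() == expected_hex


if __name__ == "__main__":
    data, img = bytes(range(256)) * 8, io.BytesIO()  # constructed 2 KiB "drive"
    sha, bad = acquire_raw(FlakySource(data, {512}), img, len(data))
    print(sha, "bad blocks at:", bad, "validated:", validate(img, sha))
```

The image is exactly as large as the source, and the logged offsets record which blocks were not collected, so the image hash is expected to differ from a hash of a fully readable source.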

