DF Report Template

Uploaded by

goncalo918

Digital Forensic Expert Opinion

Investigation Report

Case Against: Case Name


Case No: #########

Report compiled by Examiner Name followed by qualifications.
Company Name
Address line 1
Address line 2
Date of investigation Day Month Year

Date report compiled Day Month Year

Endorsement
The contents of this report are the result of an investigation undertaken by myself, and I
hereby confirm that:

1. The investigation was conducted in accordance with the UK ACPO principles.
2. The software and hardware used to support this investigation were prepared and
used in a manner designed to assure the forensic integrity of both the process and
its outcomes.
3. The opinions presented at the end of this report are mine and mine alone and are
based solely on the evidence found.

Signed by Your Name [ Your Signature ]

Date [ Day Month Year ]


Executive Summary

A high-level overview of the key findings and recommendations without delving into
technical details. It serves as a brief but comprehensive snapshot for executives and
stakeholders who may not have a technical background.
Remember that the executive summary should be concise, clear, and easily digestible for
non-technical readers. It should motivate them to delve into the detailed sections of the full
report if needed.
What you can include:
• Briefly introduce the purpose and scope of the digital forensic investigation.
• Mention the date range and specific systems or devices investigated.
• Provide a concise description of the incident that triggered the investigation.
• Outline the main findings of the investigation in a clear and organised manner.
• Highlight significant evidence or artefacts discovered during the analysis.
• Sum up the overall significance of the findings.

Contents
1. Credentials of the Investigator
2. Purpose of the Investigation
3. Target Systems and Devices
4. Software to be Used in Support of the Investigation
5. Investigation Methodology
6. A Graphical Timeline of the incident
7. Evidence Acquisition
8. Analysis of the Evidence
9. Summary and Finding in Relation to the Case
References
Appendix 1

1. Credentials of the Investigator

Introduce yourself and your role within your organisation. Make sure to include the
following:
• Work experience
• Number of years
• Qualifications
• Training
• Memberships
• Links to LinkedIn, Google Scholar, ...
• etc.

2. Purpose of the Investigation

Case background: You can include the summary of the case brief here:

Why do they need you to investigate, and what is the scope of the investigation?

3. Target Systems and Devices

Item #1 – Can be described as

[insert photo here] [insert photo here]


[insert photo here] [insert photo here]

4. Software to be Used in Support of the Investigation

All software utilised in this examination is fully licensed and registered to [Agency Name] or its
agents. All software and forensic hardware have been validated pursuant to [Agency Name] policies
and procedures.

Name all tools that you will use during your investigation.

OpenText EnCase [1] and the Volatile Memory Extraction Utility Framework [2] are used to analyse the
digital evidence ... EnCase is used to ...

5. Investigation Methodology
• Identification
  ◦ Define the scope and objectives of the investigation.
  ◦ Identify the systems, devices, or networks involved in the incident.
  ◦ Determine the type of digital evidence that may be relevant.
• Preservation
  ◦ Integrity of the digital evidence
  ◦ Imaging
  ◦ Chain of custody
• Collection
• Examination and Analysis
• Documentation
• Reporting
• Presentation of Findings

6. A Graphical Timeline of the incident

https://cfreds-archive.nist.gov/data_leakage_case/data-leakage-case.html

7. Evidence Acquisition
Describe how you collected the evidence: images, network captures, memory dumps, etc.

8. Analysis of the Evidence


The largest and most detailed section of the report: the technical analysis of the digital evidence.

9. Summary and Finding in Relation to the Case

Write your opinion here, based on your analysis of the evidence.
You can also create a section called Case Summary or Conclusion.

References
[1] OpenText Corporation, “EnCase V23.3 Forensic Training Software.” 2023. Accessed: Nov. 24, 2023.
[Online]. Available: https://www.opentext.com/products/encase-forensic

[2] Volatility Foundation, “Volatile Memory Extraction Utility Framework V3 2.5.0.” Accessed: Nov. 24,
2023. [Online]. Available: https://github.com/volatilityfoundation/volatility3

Appendix 1
