Re: [sleuthkit-users] Presentation of Evidence
From: Jon N. <qu...@li...> - 2005-03-14 14:44:40
Regis Cassidy said:
> In theory, say you are using your digital forensics application. You
> complete your analysis and have now effectively completed your
> investigation. But now you need a way to show and explain everything you
> did and everything you discovered. You push the "generate report" button
> and the printer spits out a thick manuscript that details the whole
> entire investigation and you are done and ready to head to court. For
> the manuscript to be complete what all needs to be in it? Please respond
> with your suggestions and sources of where I may obtain more information.
Regis,
It is important to note that there is no one report that could be
generated that would fit everyone's needs. My reports will differ between
investigations of different natures. Any report generation mechanism
needs to have a great deal of flexibility so an individual can edit the
report to include/remove information pertinent to the specific
investigation.
I have looked into this in the past and thought using wiki to
generate/edit the report would make sense. There are a lot of wiki
modules available at cpan:
http://search.cpan.org/search?query=wiki&mode=all
There should be an interface that allows the user to select/remove every
aspect of the analysis for inclusion in the report. Then the user should
be able to edit the individual entries.
That's my opinion in a nutshell.
Jon
--
Trooper Jon S. Nelson, Linux Certified Admin., CCNA
Pa. State Police, Bureau of Criminal Investigation
Computer Crimes Unit
Work: 484-340-3609 Cell/Page: 866.284.1603
jonelson <at> state <dot> pa <dot> us