Digital Forensics
11
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Expert Witness and Report Writing - II November 26, 2008
description
Digital Forensics. Dr. Bhavani Thuraisingham The University of Texas at Dallas Expert Witness and Report Writing - II November 26, 2008. Outline. Report Writing for High tech investigations Expert Testimony in High tech investigation Reference: Chapter 14, 15 of Textbook. Report Writing. - PowerPoint PPT Presentation
Transcript of Digital Forensics
Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Expert Witness and Report Writing - II
November 26, 2008
Outline
Report Writing for High tech investigations Expert Testimony in High tech investigation Reference: Chapter 14, 15 of Textbook
Report Writing
Understanding the Importance of Reports
- Limiting report to specifics
- Types of reports Guidelines for writing reports
- What to include in preliminary reports
- Report structure
- Writing reports clearly
- Designing layout and presentation of reports
- References Generating report with forensics tools
Understanding the importance of reports
Reports are the means to communicate effectively the findings of the expert witness
Therefore reports have to be specific and to the point Reports could be verbal reports or most often written reports
Guidelines for writing reports
Preliminary reports may include tentative conclusions – this could be interim reports
Final reports must have structure
- Abstract, Table of contents, Body of report, Conclusions, Reference, Glossary, Acknowledgements, Appendix,
Actual References may have to attached to the report. Writing style has to be precise
- Need to communicate well, Grammar and vocabulary are crucial, Punctuation and spelling have to be correct
- Need to justify all conclusions.
Using Forensics Tools
Many tools like ENCASE have report writing capabilities Advantages of using these tools is that can include screen shots
directly from the tools Chapter 14 describes the use of both ProDiscover and FTK for
writing reports
Expert Testimony
Preparing for Testimony Testifying in Court Preparing for a deposition or hearing Preparing forensic evidence
Preparing for Testimony
Be very thorough with your report Document the evidence and prepare it in a format that can be
understood Be prepared to explain every sentence in your report and
evidence Have a current resume Know all the definitions Need to deal with the news media
Testifying in Court
Be prepared for intense cross examination Think before you say anything and be prepared to justify all your
statements Learn about testifying during direct examination (questions from
your attorney) and testifying during cross examination (opposition’s attorney)
Review the details in Lecture #29 More details in Chapter 15
Preparing for a Deposition or Hearing
Deposition is not testifying in court There are no judge and jury Both attorneys are present and ask questions Hearing is similar to a deposition and can be carried out in an
administrative agency or legislative body or court
Using Forensics Tools for Testimony
Tools like ENCASE can be used to gather information needed for testimony
Similar to generating reports Chapter 15 describes how Prodiscover and FTK can be used to
prepare testimony
