1-Page Report

From Forensics Wiki
Revision as of 09:14, 18 July 2013 by Simsong

The idea of a 1-Page Forensics Report is to have a single page that conveys information about a piece of media, a network capture, or a file.

Disk Forensics 1-Page Report

Thoughts about what should go on the report:

  • OS Release, Version and Patch Level
  • Kernel Release
  • Language
  • Distribution
  • Last Boot
  • Installation Date
  • Per-user information: how many users? When was each last logged on?
  • IP addresses assigned
  • DHCP information
  • ISPs that were in use
  • DNS information
  • Where the connections came from
  • resolv.conf files on a Mac?
  • structured text files
  • Windows hosts file

SMART information from the drive - hours the drive was used

  • dmidecode
  • hdparm
  • SMART
  • ishw - apple model #

File systems:

  • most recently edited docs
  • most recently run files
  • HFS superblock?