cfiar.doc


CFIAR [insert number] YOUR COMPANY: Business Use Only

Computer Forensic Investigative Analysis Report (CFIAR)

Incident Report Number YYYYMMDDII## [year,month,day,II,version]

Report Name

Location Category [internal, external, internet, extranet, etc]

Reported Incident Date

YOUR COMPANY: Business Use Only 1 of 5


Table of Contents

Executive Summary ..... 3
1.0 Initial Incident Discovery ..... 4
    1.1 Summary ..... 4
    1.2 Action Items ..... 4
    1.3 Description of system(s) in question ..... 4
    1.4 Identified Computer System(s) ..... 4
    1.5 Security Mechanisms ..... 4
    1.6 Initial Forensic Discovery ..... 4
    1.7 Initial Corrective Action ..... 4
    1.8 Participants ..... 4
2.0 Forensic Process ..... 4
    2.1 Tools ..... 4
    2.2 Logs ..... 4
3.0 Results and Findings ..... 4
    3.1 Summary ..... 4
    3.2 Corrective Actions ..... 4
    3.3 Lessons Learned ..... 4


Executive Summary

[Provide a high level overview of what has occurred.]


1.0 Initial Incident Discovery

1.1 Summary
[Summarize the initial discovery process and what has been discovered.]

1.2 Action Items
[List the items that need to be done and who is assigned to each task.]

1.3 Description of system(s) in question
[What functions do the system(s) provide? Where are they on the network? What do the systems have access to?]

1.4 Identified Computer System(s)
[Describe the systems in full technical detail.]

1.5 Security Mechanisms
[Are there any security mechanisms in place, such as firewalls, IDS, access lists, etc.?]

1.6 Initial Forensic Discovery
[During the initial discovery phase, what did you find? Port scans, modified system files, strange network traffic, etc.]

1.7 Initial Corrective Action
[Before you can fully investigate the problem, what are you going to do temporarily to avoid risk while the analysis is performed? For example: the system is removed from the network, applications have been transferred to another system, etc.]

1.8 Participants
Name    Extension    Title

2.0 Forensic Process
Provide the steps used to perform the investigation. This section will vary according to the type of investigation. Add or delete sections as needed.

2.1 Tools
[What tools did you use to build your analysis?]

2.2 Logs
[Include any relevant logs or proof of system compromise.]

3.0 Results and Findings

3.1 Summary
[Overview of your findings.]

3.2 Corrective Actions
[What did you do to correct the problem?]


3.3 Lessons Learned [What can be learned from this analysis so that it doesn’t happen again, and how can it be used to protect other systems in the future?]
