CFIAR [insert number] YOUR COMPANY: Business Use Only
Computer Forensic Investigative Analysis Report (CFIAR)
Incident Report Number YYYYMMDDII## [year, month, day, II, version]
Report Name
Location Category [internal, external, internet, extranet, etc]
Reported Incident Date
YOUR COMPANY: Business Use Only 1 of 5
Table of Contents
Executive Summary ........ 3
1.0 Initial Incident Discovery ........ 4
1.1 Summary ........ 4
1.2 Action Items ........ 4
1.3 Description of system(s) in question ........ 4
1.4 Identified Computer System(s) ........ 4
1.5 Security Mechanisms ........ 4
1.6 Initial Forensic Discovery ........ 4
1.7 Initial Corrective Action ........ 4
1.8 Participants ........ 4
2.0 Forensic Process ........ 4
2.1 Tools ........ 4
2.2 Logs ........ 4
3.0 Results and Findings ........ 4
3.1 Summary ........ 4
3.2 Corrective Actions ........ 4
3.3 Lessons Learned ........ 4
Executive Summary
[Provide a high-level overview of what has occurred.]
1.0 Initial Incident Discovery
1.1 Summary
[Summarize the initial discovery process and what has been discovered.]
1.2 Action Items
[List the items that need to be done and who is assigned to each task.]
1.3 Description of system(s) in question
[What functions do the system(s) provide? Where are they on the network? What do the systems have access to?]
1.4 Identified Computer System(s)
[Describe the systems in full technical detail.]
1.5 Security Mechanisms
[Are there any security mechanisms in place, such as firewalls, IDS, access lists, etc.?]
1.6 Initial Forensic Discovery
[What did you find during the initial discovery phase? Port scans, modified system files, strange network traffic, etc.]
1.7 Initial Corrective Action
[Before you can fully investigate the problem, what will you do temporarily to avoid risk while the analysis is performed? For example: the system has been removed from the network, applications have been transferred to another system, etc.]
1.8 Participants
Name    Extension    Title
2.0 Forensic Process
Provide the steps used to perform the investigation. This section will vary according to the type of investigation. Add or delete sections as needed.
2.1 Tools
[What tools did you use to build your analysis?]
2.2 Logs
[Include any relevant logs or other evidence of system compromise.]
3.0 Results and Findings
3.1 Summary
[Overview of your findings.]
3.2 Corrective Actions
[What did you do to correct the problem?]
3.3 Lessons Learned
[What can be learned from this analysis so that the incident does not happen again, and how can it be used to protect other systems in the future?]