| Incident Report Number | YYYYMMDDII## [year, month, day, II, version] |
| Report Name | |
| Location Category | [internal, external, internet, extranet, etc.] |
| Reported Incident Date | |
Table of Contents
Executive Summary 3
1.0 Initial Incident Discovery 4
    1.1 Summary 4
    1.2 Action Items 4
    1.3 Description of system(s) in question 4
    1.4 Identified Computer System(s) 4
    1.5 Security Mechanisms 4
    1.6 Initial Forensic Discovery 4
    1.7 Initial Corrective Action 4
    1.8 Participants 4
2.0 Forensic Process 4
    2.1 Tools 4
    2.2 Logs 4
3.0 Results and Findings 4
    3.1 Summary 4
    3.2 Corrective Actions 4
    3.3 Lessons Learned 4
Executive Summary
[Provide a high level overview of what has occurred.]
1.0 Initial Incident Discovery
1.1 Summary
[Summarize the initial discovery process and what has been discovered.]
1.2 Action Items
[List the items that need to be done and who is assigned to each task.]
1.3 Description of system(s) in question
[What functions do the system(s) provide? Where are they on the network? What do the systems have access to?]
1.4 Identified Computer System(s)
[Describe the systems in full technical detail]
1.5 Security Mechanisms
[Are there any security mechanisms in place, e.g. firewalls, IDS, access lists, etc.?]
1.6 Initial Forensic Discovery