Task 3: Forensics Report (20 Marks)

In this major task assume you are a Digital Forensics Examiner. Considering a real

or a hypothetical case you are required to produce a formal report consisting of facts

from your findings to your attorney who has retained you. You are free to choose a

forensics scenario which can be the examination of a storage media (HDD, USB

Drive, etc), email or social media forensics, mobile device forensics, cloud forensics

or any other appropriate scenario you can think of.

Deliverable: A forensics report of 1800-2000 words.

Executive Summary or Abstract

This section provides a brief overview of the case, your involvement as an examiner,

authorisation, major findings and conclusion 


Background, scope of engagement, tools and findings

(3 marks)

HD: All elements are present, well expressed, comprehensive and accurate.

Analysis: relevant programs, techniques, graphics


(5 marks)

refer to Figure xx or Appendix xx or Glossary xx for procedures or how to obtain

the results/outcomes

HD: Description of analysis is clear and appropriate programs and techniques are

selected. Very good graphic image analysis.


specific files/images, type of searches, type of evidence, indicators of ownership

(5 marks)

refer to Figure xx or Appendix xx or Glossary xx for procedures or how to obtain

the results/outcomes

HD: A greater detail of findings is provided. Keywords and string searches are listed

very clearly. Evidence found is very convincing. Indication of ownership is very clear.


Summary, Results

(3 marks)

HD: High level summary of results is provided which is consistent with the report.


Must cite references to all material used as sources for the content (May add your

task 1 and 2 references here if any)

(2 marks)

HD: APA 6th edition referencing applied to a range of relevant resources. No

referencing errors. Direct quotes used sparingly. Sources all documented.

Glossary / Appendices:

(2 marks)

HD: Glossary of technical terms used in the report is provided which has generally

acceptable source of definition of the terms and appropriate references are

included. Relevant supporting




