1 page report
The idea of a 1-Page Forensics Report is to have a single page that conveys information about a piece of media, a network capture, or a file.
Disk Forensics 1-Page Report
Thoughts about what should go on the report:
- OS Release, Version and Patch Level
- Kernel Release
- Language
- Distribution
- Last Boot
- Installation Date
- Per-user information: how many users? When did each last log on?
- IP addresses assigned.
- DHCP information
- ISPs that were in use
- DNS information
- Where the connections came from
- resolv.conf files on a Mac?
- structured text files
- Windows hosts file
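As an added illustration (not part of the original page), the sketch below fills in a few of the items above (distribution, version, DNS servers, hosts entries, users) from text files in an image. It assumes a Linux file system mounted read-only at a given path and the standard `etc/` file locations; the function names, the UID range used to pick interactive accounts, and the sample file tree are all constructed for the example.

```python
import os
import tempfile

def _lines(root, rel):
    """Non-blank, non-comment lines of root/rel; [] if the file is absent."""
    try:
        with open(os.path.join(root, rel), encoding="utf-8", errors="replace") as fh:
            return [s for s in (ln.strip() for ln in fh) if s and not s.startswith("#")]
    except OSError:
        return []

def build_report(root):
    """Collect report fields from a Linux file system mounted read-only at root."""
    osrel = dict(ln.split("=", 1) for ln in _lines(root, "etc/os-release") if "=" in ln)
    dns = [ln.split()[1] for ln in _lines(root, "etc/resolv.conf")
           if ln.startswith("nameserver") and len(ln.split()) > 1]
    hosts = [tuple(f[:2]) for f in (ln.split("#")[0].split()
             for ln in _lines(root, "etc/hosts")) if len(f) >= 2]
    users = []
    for f in (ln.split(":") for ln in _lines(root, "etc/passwd")):
        # Assumption: UIDs 1000..65533 are interactive accounts (common Linux default).
        if len(f) >= 7 and f[2].isdigit() and 1000 <= int(f[2]) < 65534:
            users.append(f[0])
    return {
        "distribution": osrel.get("NAME", "").strip('"'),
        "version": osrel.get("VERSION_ID", "").strip('"'),
        "dns_servers": dns,
        "hosts_entries": hosts,
        "users": users,
    }

def make_sample_root():
    """Build a constructed (not real evidence) file tree for demonstration."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "etc"))
    sample = {
        "os-release": 'NAME="ExampleOS"\nVERSION_ID="1.0"\n',
        "resolv.conf": "# constructed\nnameserver 192.0.2.53\n",
        "hosts": "127.0.0.1 localhost\n192.0.2.10 fileserver # lab\n",
        "passwd": "root:x:0:0:root:/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh\n",
    }
    for name, text in sample.items():
        with open(os.path.join(root, "etc", name), "w", encoding="utf-8") as fh:
            fh.write(text)
    return root

if __name__ == "__main__":
    for key, value in build_report(make_sample_root()).items():
        print(f"{key}: {value}")
```

Files missing from the image yield empty fields rather than errors, so the same report layout can be produced for partial or damaged file systems.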
SMART information from the drive - hours the drive was used
- dmidecode
- hdparm
- smart
- lshw - Apple model #
File systems:
- most recently edited docs
- most recently run files
- HFS superblock?