CJS 528: Forensics

Gabelli School of Business, CIS Department


CJS 528/CIS 420: Case Analysis Information

There are many different styles of developing forensics case materials. In this course, you are encouraged to find your own method of presentation. However, there are some key elements that are necessary for receiving top scores on the cases.

  1. Thoroughness -- This means you fully examined the evidence and presented all the findings.
  2. Professionalism -- This means your work was free from typos, grammatical errors, and misspellings.
  3. Effectiveness -- This means that your style made your point and answered the question asked.
  4. Value Added -- This means you acted as the examiner; you didn't just dump data from FTK or some other tool.

I will tend to treat each of these equally, with the least emphasis on 1. This sounds a bit weird, but since the assumption is that you are not an examiner, it is expected you will miss some evidence. Cases in this class tend to be straightforward and simplistic relative to real-world cases, which are often convoluted, overwhelming, and very lengthy.

A second set of criteria is as follows:

See Phil's Tip Sheet

Key Computer Chapter (with password only)

I tend to encourage people to develop their report in the following manner:

Summation Section -- This section contains three key things: 1) A summary of your findings; 2) Bullet points or discussion of critical evidence; and 3) Answers to any questions which were asked of the examiner. Essentially, this could be described as an executive summary and is commonly called this in consulting practice. Be sure you reference key material by page (e.g. Sixteen separate images of known child pornography were found on the media which can be identified as belonging to Mr. Hart (see pp. 75-91, and Appendix G)).

Table of Contents -- Section with page numbers of key sections (learn to use header formats in Word).

Analysis Section -- This contains the grim details. See Phil's tip sheet for what the grim details look like. Be sure to reference materials specifically (e.g. File is found on page 9007 of Appendix X).

Appendices -- These are usually templated and contain file hashes and your company policies, as follows:

  1. Glossary
  2. Evidence Handling Policy
  3. Sterile Media Management Policy
  4. Software Licenses Policy and Licenses
  5. Forensics Imaging Policy
  6. Examiner(s) C.V.(s)
  7. File Lists (may be on CD/DVD)
  8. Key Files (may be on CD/DVD)

Some Case Examples that are "good". When I get a GREAT one, I will add it with your permission.

Joe

Ripley by Anonymous

Green by Colleen M.

Fisher by Colin V.

See the Examples and File Sample pages as well.

© 2008 Secure Technology, LLC.