How exciting. I am a CSIRT manager looking to improve my report writing skills only to find that you are at Hallym U. I was stationed in Chuncheon in 1985 at Camp Page. It's always fun when two totally separate touch points in my life converge like this. I visited Hallym often in 1985. So happy to see it has continued and prospered.
Thank you very much! Already watched the other chapters and intend to watch all. Very important to the people who are starting but also for experienced to recollection of concepts. Would like to ask your support for guidance with the software mainly used to each of the phases and situations.
Thanks a lot. Software really depends on what you are trying to accomplish at the time. You can think of it like acquisition, processing, analysis and reporting. Acquisition might be disk imaging software like Guymager or FTK Imager, or if you are in a live environment it might be LiME or FTK Imager for RAM Acquisition and many other tools for live information collection. Just like acquisition, there are a lot of tools for processing and each do something better than the others. I would start with tools like Autopsy. Once you get a feel for what Autopsy can do, then try other open source and commercial tools. Definitely get a 'core' collection of tools and practice with them until you know them really well. Then start branching out and trying different tools for different problems. The main thing to remember is that the tool is NOT the investigation. You will likely need several tools to do an investigation, and some tools will work better in one case but not another. The tool helps YOU to build a case, but no tool will build the case for you. It's possible to do an entire investigation with only a Hex editor. Most tools just make understanding faster and easier. Ultimately, you will have to propose a hypothesis and support it with evidence.
So can we have images along side with the text in the report to support the proof or explain some thing and can we place page no and paragraph number as reference in the executive summary. Thank you very much for the excellent explanation and guidance
Yes, you can - and should - include images to support claims. Make sure you label the images (see figures in owl.purdue.edu/owl/research_and_citation/ieee_style/tables_figures_and_equations.html). If you have many images, use one in the main text, and create an appendix for the rest of them. Keep the report flow moving and not flooded with images. Yes! Exactly! Do include (some) paragraph reference numbers in the executive summary, but only the most important. People should be able to read the executive summary and get ALL the information they need to make quick decisions about the case.
How exciting. I am a CSIRT manager looking to improve my report writing skills only to find that you are at Hallym U. I was stationed in Chuncheon in 1985 at Camp Page. It's always fun when two totally separate touch points in my life converge like this. I visited Hallym often in 1985. So happy to see it has continued and prospered.
A lot changes, but probably even more stayed the same! So interesting. Let me know if you have any questions or anything I can help with!
Great info
Thank you very much!
Already watched the other chapters and intend to watch all.
Very important to the people who are starting but also for experienced to recollection of concepts. Would like to ask your support for guidance with the software mainly used to each of the phases and situations.
Thanks a lot. Software really depends on what you are trying to accomplish at the time. You can think of it like acquisition, processing, analysis and reporting. Acquisition might be disk imaging software like Guymager or FTK Imager, or if you are in a live environment it might be LiME or FTK Imager for RAM Acquisition and many other tools for live information collection. Just like acquisition, there are a lot of tools for processing and each do something better than the others. I would start with tools like Autopsy. Once you get a feel for what Autopsy can do, then try other open source and commercial tools.
Definitely get a 'core' collection of tools and practice with them until you know them really well. Then start branching out and trying different tools for different problems.
The main thing to remember is that the tool is NOT the investigation. You will likely need several tools to do an investigation, and some tools will work better in one case but not another. The tool helps YOU to build a case, but no tool will build the case for you.
It's possible to do an entire investigation with only a Hex editor. Most tools just make understanding faster and easier. Ultimately, you will have to propose a hypothesis and support it with evidence.
So can we have images along side with the text in the report to support the proof or explain some thing and
can we place page no and paragraph number as reference in the executive summary.
Thank you very much for the excellent explanation and guidance
Yes, you can - and should - include images to support claims. Make sure you label the images (see figures in owl.purdue.edu/owl/research_and_citation/ieee_style/tables_figures_and_equations.html). If you have many images, use one in the main text, and create an appendix for the rest of them. Keep the report flow moving and not flooded with images.
Yes! Exactly! Do include (some) paragraph reference numbers in the executive summary, but only the most important. People should be able to read the executive summary and get ALL the information they need to make quick decisions about the case.
Very good lecture bro 👌
Glad you liked it
sir can u show me the example of report I don't really know how to write though as it is my first time