Certainly, digital forensics investigations are time-consuming and resource-consumptive but are integral to the continued securitization of an organization's data and the protection of both its customers and its market status. Following a brief overview of the type of information which Digital Investigation Reports are expected to contain, this essay will examine the question of what organizational managers expect to see in these reports and why.
Jones, Bejtlich and Rose (2005) explain that there are several types of digital investigation reports and the structure and content of each is ultimately determined by the person they were written for. If directed to either the IT Manager or the organization's Chief Security Officer, they are extremely detailed. The reports will, customarily, include all the relevant information surrounding the incident, the tools which were used to detect the penetration or attempted penetration, its consequences and the technologies employed for the investigation of the incident. The results of the investigation are comprehensively detailed. ...
Digital investigation reports which are forwarded to the organization's Legal Department are similar to those composed for the Finance and Accounting departments (Jones, Bejtlich and Rose, 2005).
As indicated above, the composition of digital investigation reports is a complex and complicated process. This is not simply because of their intricately detailed nature but because several reports are generated and the style and content of each differs according to intended recipient.
3 Reports to Management
Digital Investigations Reports addressed to management are, quite possibly, the most important of all the digital forensic reports prepared by the organization. The reason, as explained by the IT Director, is that the organization's top management are its decision-makers; they allocate the budget and resources necessary for such investigations and, importantly, make the decision on follow-up action. These reports tell management what happened, the extent of the damages, if any, and why the incident occurred in the first place. Importantly, these reports may also contain suggestions for the avoidance of future incidents. From the IT Director's perspective, the reports addressed to management are intended to provide them with the information needed for them to arrive at a decision on future action and reaction.
Stephenson (2003) similarly emphasizes the importance of the digital investigation reports submitted to management. As he argues, the information contained in these reports undoubtedly influence management decisions regarding subsequent action. For example, if the investigations revealed the incident to be serious and