Testifying and writing a report are both essential ingredients to a successful digital forensics investigation. Digital forensics personnel will potentially spend months of time working with complex data and processes. The delivery and result of this work is reflected in the forensics report and then ultimately testified in court. Cohen (2012) discussed the report as integral to the overall investigation. Evidence, analysis, interpretation, and attribution, must ultimately be presented in the form of expert reports, depositions, and testimony. The report will present the data captured during the investigation in a way that can be communicated with other people. In addition to this, it serves as a living record that will be referenced and updated throughout the investigation.
While the report is extremely important to an investigation, it is the testimony that will ultimately yield the fruits of all the labor involved within the process. A solid report that is consistent with all of the facts gathered remains essential for a successful testimony. Carney & Rogers (2004) stress the importance of having a standardized method to approaching the testimony. They also note that forensics experts may leave the jury confused while explaining details of the complex investigative process. Others argue that the presentation of evidence is more an art and should be approached with care. Regardless of how this is viewed, testifying is and will remain the most important part of a forensics investigation and will be the ultimate measure of success or failure.
References:
Cohen, F. B. (2012). Digital forensic evidence examination. Fred Cohen & Associates. Retrieved from: http://all.net/books/2013-DFE-Examination.pdf
Carney, M., & Rogers, M. (2004). The Trojan made me do it: A first step in statistical based computer forensics event reconstruction. International Journal of Digital Evidence, 2(4), 1-11.
