CFIAR [insert number]

YOUR COMPANY: Business Use Only

Computer Forensic Investigative Analysis

Report (CFIAR)
Incident Report Number

YYYYMMDDII## [year,month,day,II,version]

Report Name
Location Category

[internal, external, internet, extranet, etc]

Reported Incident Date

YOUR COMPANY: Business Use Only

1 of 5

CFIAR [insert number]

YOUR COMPANY: Business Use Only

Table of Contents
Executive Summary................................................................................................................................... 3
1.0 Initial Incident Discovery..................................................................................................................... 4
1.1 Summary...................................................................................................................................... 4
1.2 Action Items.................................................................................................................................. 4
1.3 Description of system(s) in question............................................................................................. 4
1.4 Identified Computer System(s)..................................................................................................... 4
1.5 Security Mechanisms.................................................................................................................... 4
1.6 Initial Forensic Discovery.............................................................................................................. 4
1.7 Initial Corrective Action................................................................................................................. 4
1.8 Participants................................................................................................................................... 4
2.0 Forensic Process................................................................................................................................. 4
2.1 Tools............................................................................................................................................. 4
2.2 Logs.............................................................................................................................................. 4
3.0 Results and Findings........................................................................................................................... 4
3.1 Summary...................................................................................................................................... 4
3.2 Corrective Actions......................................................................................................................... 4
3.3 Lessons Learned ......................................................................................................................... 5

YOUR COMPANY: Business Use Only

2 of 5

CFIAR [insert number]

YOUR COMPANY: Business Use Only

Executive Summary
[Provide a high level overview of what has occurred.]

YOUR COMPANY: Business Use Only

3 of 5

CFIAR [insert number]

YOUR COMPANY: Business Use Only

1.0 Initial Incident Discovery

1.1 Summary
[Summarize the initial discover process and what has been discovered]

1.2 Action Items

[List items that need to be done and whos assigned to the task]

1.3 Description of system(s) in question

[What functions do the system(s) provide? Where are they on the network? What do the systems have access
to?]

1.4 Identified Computer System(s)

[Describe the systems in full technical detail]

1.5 Security Mechanisms

[Are there any security mechanisms in place? Like firewalls, IDS, access lists, etc]

1.6 Initial Forensic Discovery

[During the initial discovering phase what did you find? Port Scans, modified systems files, strange network
traffic, etc]

1.7 Initial Corrective Action

[Before you can fully investigate the problem what are you going to do temporarily to avoid risk and do the
analysis? Like the system is removed from the network, apps have been transferred to another system, etc]

1.8 Participants
Name

Extension

Title

2.0 Forensic Process

Provide the steps used to perform the investigation. This section will vary according to the type of investigation.
Add or delete sections as needed.

2.1 Tools
[What tools did you use to build your analysis?]

2.2 Logs
[Include any relevant logs or proof of system compromise]

3.0 Results and Findings

3.1 Summary
[Overview of your findings]

3.2 Corrective Actions

[What did you do to correct the problem?]
YOUR COMPANY: Business Use Only

4 of 5

CFIAR [insert number]

YOUR COMPANY: Business Use Only

3.3 Lessons Learned

[What can be learned from this analysis so that it doesnt happen again, and how can it be used to protect
other systems in the future?]

YOUR COMPANY: Business Use Only

5 of 5