2016-04-12 Update: Removed broken documents link. Will add to repo.

It took a while, but I finally managed to get out three forms that I feel overcome some deficiencies in samples I have received (Paraben and SEARCH). Primarily, the other forms felt dense, were redundant, or simply did not ask the questions I wanted asked. The Seized Handheld Device Worksheet is targeted at the investigative or first response scenario where a mobile device is discovered. It allows for some basic information to be gathered and operates as a checklist of things to grab while at the scene. The Handheld Analysis Worksheet is aimed at the forensic examiner handling the mobile device. More technical information can be provided than the Seized Handheld Device Worksheet and allows the examiner to note how the device was delivered to them. This form is not intended to replace any generated reports, but rather provide some basic documentation that is not necessarily included in automated tool reports. It also allows for the examiner to note which software was utilized in the large notes section.

Lastly, there is the Digital Evidence Triage Worksheet which focuses on traditional computer and hard drive previews. It allows the examiner to document some basic information. I found that other triage worksheets focused on searches and the BIOS. Inevitably, when I went to write a final report, I found myself double checking my automated tool results with what I checked into the evidence system. This form includes some of those fields to lessen the back-and-forth.

Any suggestions or feedback would be appreciated as they are my first real forms; especially with respect to forensic processing. Scribd may modify the PDFs some and I have yet to test from work (I do  not use Adobe or printers at home), but they are true, digital forms with fields. The notes section is blank and fill-able, but when printed will display lines for easier reading. This makes use of layers which are not correctly handled by Foxit Reader (at least my version). So, if they do not work as suggested, ping me and I will provide another hosting option.

TL;DR

New forms for mobile devices and triage.