tag:blogger.com,1999:blog-9518042.post5219982633881006186..comments2024-03-19T07:46:20.437-05:00Comments on Windows Incident Response: DF Analysis LifecycleUnknownnoreply@blogger.comBlogger4125tag:blogger.com,1999:blog-9518042.post-49383719144189557252011-11-10T09:55:14.853-05:002011-11-10T09:55:14.853-05:00Agree 100%, and appreciate the sharing Harlan. I h...Agree 100%, and appreciate the sharing Harlan. I had just one case from my early days which I had to re-visit a year later - and the notes really took a lot of working on to make sense of. I mean, I wondered "what the heck"<br /><br />On the SANS408 course I attended they said you should run your report through a style analysis tool and if it comes anything higher than a level 12 (or was it 8? - guess that makes sense in USA, not so much in UK), simplify it!Cults14https://www.blogger.com/profile/09327353424676993241noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-89663019832088275112011-11-05T04:28:23.026-05:002011-11-05T04:28:23.026-05:00My old boss told me when producing a report for ma...My old boss told me when producing a report for managers and lawyers write it in crayons as if though for a child in kindergarden. (A bit of hyperbole.) What I tend to do is a clear executive summary followed with heaps of technical attachments to follow. The manager/lawyers tend to only read the executive summary anyway.Paul Harperhttps://www.blogger.com/profile/07542509637337615962noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-80445396622801371092011-11-04T12:18:43.914-05:002011-11-04T12:18:43.914-05:00It's not so much that analysts tend to "o...It's not so much that analysts tend to "over report"...in my experience, it's that they tend to try to make the report too fluffy, b/c they think that the customer will get bored reading the same thing over and over. <br /><br />There is, however, a significant element of over-reporting in some cases. I was once told that customers prefer the "weight test" when it comes to their reports...rather than providing clear, concise answers that they can easily understand and absorb, the attitude seemed to be that the customer wanted massive volumes of data that consumed reams of paper when printed out.<br /><br />I've never understood that one...nor have I ever talked to a customer that agreed with that line of thinking.H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-28686867164540144272011-11-04T12:11:59.901-05:002011-11-04T12:11:59.901-05:00Great Posting. I really like the way you break dow...Great Posting. I really like the way you break down the reporting into sections. I think there area group of folks that "Over Report", which sounds odd. Too Much detail can turn off the reader and eventually have you trying to explain something to a Judge and jury that you copied and pasted from an automated report, Just because it was there. Get to the point and put enough detail that in a year or so you can read the report and understand what steps you took to get the results you have. I think whomever reads the work product will be pleased that you have something like the "Executive summary" which you described.<br /><br />Good Stuff.. Thanks<br />RobRobhttps://www.blogger.com/profile/05553397674741084481noreply@blogger.com