Skip to main content

Standard investigation report

Store your reports in a /templates/ folder in your repository. Every report requires the following YAML front-matter followed by the structured sections below. 
---
investigator: your-alias
date: 2025-12-16
objective: "Target Name"
scope: domain + RRSS
status: draft # draft | reviewed | delivered
---

# Executive Summary
(5 lines)

# Primary Sources
- URL | date | capture hash

# Chronology
- 2024-10-01: Domain registration
- 2025-01-15: First leak

# Annexes
- Screenshots folder `/annexes/`
- CSV extracts

Section reference

Executive Summary A concise narrative of no more than five lines summarizing the investigation objective, key findings, and recommended actions. Written for a non-technical audience. Primary Sources A line-by-line list of every source used, each entry recording the URL, the date of access, and the SHA-256 hash of the captured artifact. This section forms the evidentiary chain. Chronology A date-ordered timeline of events relevant to the investigation. Each entry uses ISO 8601 date format (YYYY-MM-DD) followed by a brief description of the event. Annexes Supporting materials that are too large or detailed for the body of the report. Screenshots are stored in the /annexes/ subfolder; structured data is exported as CSV extracts and referenced by filename.

Build docs developers (and LLMs) love

Get started for freeTalk to us