Create 07-reporting-structure.md

Author: ngvuthdanhh

operations/07-reporting-structure.md

@@ -0,0 +1,29 @@
+# 07 — Reporting Structure
+
+## Standard DFIR Report Structure
+1. Executive Summary  
+2. Scope & Objectives  
+3. Methodology  
+4. Findings  
+5. Evidence References  
+6. Impact Assessment  
+7. Recommendations  
+8. Appendices  
+
+## Writing Clear Findings
+- Convert raw data into narrative.
+- Explain why a finding matters.
+- Link evidence → conclusion → impact.
+
+## Evidence Citation Rules
+- Include artifact name, path, timestamp.
+- Reference hashes for integrity.
+
+## Confidence Levels
+- High: Multiple confirming artifacts  
+- Medium: Partial confirmation  
+- Low: Hypothesis with limited support  
+
+## Assumption Tracking
+- Label assumptions openly.
+- Update as investigation evolves.