Part 1 of this series illustrated my search for the best application to keep forensic case notes and research. Part 2 covered the organization of the notebook and the various section groups, sections, and pages. In this third and final installment I will discuss how Microsoft OneNote integrates with other applications to both store relevant information and be able to retrieve that information later for generating final reports, emails, etc.
Importing Information into OneNote
The ability to easily get information into Microsoft OneNote is one it’s primary advantages. In addition to the freeform text entry, mentioned in a previous post, OneNote allows you to easily import information from almost any other application. Not only can you copy and paste information into OneNote but Microsoft has provided a Microsoft OneNote printer to allow you to simply print from any application and have it appear in your notebook.
When printing to the Microsoft OneNote printer you are presented with a dialog asking you where you would like to insert the printout into your notebook. You have the option to browse to any location in your notebook as well as add the printout to an existing page or create a new page by selecting a section.
OneNote supports other types of data that can be relevant to a forensic examiner such as images, drawings, and audio are a few examples.
In addition to the OneNote printer and other insert options Microsoft Internet Explorer allows sending a web page directly to OneNote via the right-click menu. FireFox, Chrome, and Safari are not forgotten, and with the addition of the OneNote Clipper add-on you can send information directly from your browser to your OneNote notebook.
The OneNote Clipper allows you to select an entire web page, a region, an article or a bookmark and directly input it to the desired location in your notebook.
The multitude of options provided by OneNote allow you to get the information you need into your forensic notebook, in a searchable format, available quickly when you need it later.
Now that all the information is in OneNote how do we get it out when the time comes to generate the final report or when the need arises to share that information with someone else?
Exporting Information from OneNote
OneNote makes exporting information just as easy as importing. In addition to simply printing a page, OneNote provides the option to email or export the pages in various formats.
From the File Menu in OneNote you have the options to Print, Export, or Share. Printing does just what you would expect, but Export and Share provide the ability to export the page, section, or entire notebook as a OneNote section, a Microsoft Word document, a PDF, or web page.
The export options provided should allow you to get the valuable information you have stored in your notebook to anyone who needs it regardless if they have Microsoft OneNote or not. The Send option under the File menu provides a few additional options such as the ability to email a page or use it for a blog entry.
Emailing a page from your notebook puts the contents of that page directly into the body of the email, so once again the recipient does not have to have OneNote to be able to receive and view the information
Not only does this allow you to share the information but also allows you to take your notes from the notebook and utilize them when drafting your final report.
Note: It is important to note that although Microsoft OneNote is available for both Windows and Mac not all of the importing and exporting options are available on both platforms.
There are a couple of additional features that I find very useful for the forensic examiner that I neglected to mention in previous posts regarding OneNote.
- Previous Versions – OneNote tracks the changes to pages as you make edits. Right-clicking on a page in your notebook and selecting Show Previous Versions shows additional pages that are “snapshots” of the selected page. The changes that were made at that time are highlighted on the page. This feature is great if you need to look back at changes made to your notes or to revert to notes that were removed or changed.
- Edit Tracking – If you share your notebook or have multiple people who make changes to the notebook, OneNote allows you to see who made changes to each page by highlighting the changes and placing the user’s initials next to the changes that they made. This quickly allows you to see who edited the page and what they contributed. You can also right-click on any information in the notebook and the user, date and time the information was last inserted or modified will be shown.
- Date / Time Stamp – Right-clicking and selecting the user tracking shown in the previous picture will insert that same information in line in the text of your page. This is extremely helpful if you want / need to chronologically track when you created notes and have that information show up in the page. Additionally you can insert the current date and / or time directly from the Insert menu within OneNote.
I hope this three-part series on Microsoft OneNote and its uses for your digital forensic notes has been helpful. I also hope it helps you to think of additional ways OneNote can be added to your workflow, not onyl for DFIR, but also other tasks in your daily lives as well.