Incident Timeline & Reporting Templates

During a forensic investigation, effective note-taking is essential. This can include building timelines, recording Indicators of Compromise (IOCs), or writing full investigation reports. You’re encouraged to use your own documentation style and preferred formats. However, if you’d like a starting point, we’ve provided the following templates:

Incident Timeline Template (Spreadsheet)
PWF Report Template (Word Document)

For a comprehensive overview on how to use an incident tracker timeline consider the Crowdstrike Incident Response Tracker and documentation provided.

Incident Timeline & Reporting Templates

Training Waitlist