Capturing and reporting digital evidence is a delicate process that must be repeatable, verifiable, and legally defensible. In this episode, we focus on how to perform data acquisition properly—whether imaging a hard drive, collecting volatile memory, or retrieving logs from cloud services—and how to ensure that the resulting data is both complete and forensically sound. We explain the role of tools like FTK Imager, EnCase, and command-line utilities that allow analysts to collect data without altering the original system. We also dive into forensic reporting—how to present findings clearly, factually, and in a way that supports both internal remediation and possible legal action. Reports must detail every step taken, include hash values, and avoid subjective language, as they may become part of legal or disciplinary proceedings. When done well, acquisition and reporting transform raw data into credible evidence.