diff --git a/ghostwriter/api/tests/test_views.py b/ghostwriter/api/tests/test_views.py
index 72a7d9802..6468f4a65 100644
--- a/ghostwriter/api/tests/test_views.py
+++ b/ghostwriter/api/tests/test_views.py
@@ -20,7 +20,7 @@
     ClientFactory,
     DomainFactory,
     DomainStatusFactory,
-    EvidenceFactory,
+    EvidenceOnFindingFactory,
     FindingFactory,
     HistoryFactory,
     OplogEntryFactory,
@@ -974,7 +974,7 @@ class GraphqlDeleteEvidenceActionTests(TestCase):
 
     @classmethod
     def setUpTestData(cls):
-        cls.Evidence = EvidenceFactory._meta.model
+        cls.Evidence = EvidenceOnFindingFactory._meta.model
 
         cls.user = UserFactory(password=PASSWORD)
         cls.uri = reverse("api:graphql_delete_evidence")
@@ -989,8 +989,8 @@ def setUpTestData(cls):
         cls.finding = ReportFindingLinkFactory(report=cls.report)
         cls.other_finding = ReportFindingLinkFactory(report=cls.other_report)
 
-        cls.evidence = EvidenceFactory(finding=cls.finding)
-        cls.other_evidence = EvidenceFactory(finding=cls.other_finding)
+        cls.evidence = EvidenceOnFindingFactory(finding=cls.finding)
+        cls.other_evidence = EvidenceOnFindingFactory(finding=cls.other_finding)
 
     def setUp(self):
         self.client = Client()
diff --git a/ghostwriter/factories.py b/ghostwriter/factories.py
index 7fbdfba02..33221ec72 100644
--- a/ghostwriter/factories.py
+++ b/ghostwriter/factories.py
@@ -406,7 +406,7 @@ class Meta:
     report = factory.SubFactory(ReportFactory)
 
 
-class EvidenceFactory(factory.django.DjangoModelFactory):
+class BaseEvidenceFactory(factory.django.DjangoModelFactory):
     class Meta:
         model = "reporting.Evidence"
 
@@ -414,7 +414,6 @@ class Meta:
     friendly_name = factory.Sequence(lambda n: "Evidence %s" % n)
     caption = Faker("sentence")
     description = Faker("sentence")
-    finding = factory.SubFactory(ReportFindingLinkFactory)
     uploaded_by = factory.SubFactory(UserFactory)
 
     class Params:
@@ -432,6 +431,14 @@ def tags(self, create, extracted, **kwargs):
                 self.tags.add(tag)
 
 
+class EvidenceOnFindingFactory(BaseEvidenceFactory):
+    finding = factory.SubFactory(ReportFindingLinkFactory)
+
+
+class EvidenceOnReportFactory(BaseEvidenceFactory):
+    report = factory.SubFactory(ReportFactory)
+
+
 class ArchiveFactory(factory.django.DjangoModelFactory):
     class Meta:
         model = "reporting.Archive"
diff --git a/ghostwriter/home/management/commands/generate_test_data.py b/ghostwriter/home/management/commands/generate_test_data.py
index 119e8592e..0103e9b6b 100644
--- a/ghostwriter/home/management/commands/generate_test_data.py
+++ b/ghostwriter/home/management/commands/generate_test_data.py
@@ -11,7 +11,7 @@
     ClientFactory,
     DomainFactory,
     DomainServerConnectionFactory,
-    EvidenceFactory,
+    EvidenceOnFindingFactory,
     FindingFactory,
     HistoryFactory,
     OplogEntryFactory,
@@ -267,7 +267,7 @@ def handle(self, *args, **kwargs):
 
                 # Create fake evidence
                 for f in report_findings:
-                    EvidenceFactory(
+                    EvidenceOnFindingFactory(
                         finding=f,
                         uploaded_by=random.choice(assignments).operator,
                     )
diff --git a/ghostwriter/modules/custom_serializers.py b/ghostwriter/modules/custom_serializers.py
index afbb405b5..1fb85992a 100644
--- a/ghostwriter/modules/custom_serializers.py
+++ b/ghostwriter/modules/custom_serializers.py
@@ -196,6 +196,7 @@ class FindingLinkSerializer(TaggitSerializer, CustomModelSerializer):
         source="evidence_set",
         many=True,
         exclude=[
+            "report",
             "finding",
             "uploaded_by",
         ],
@@ -727,6 +728,7 @@ class ReportDataSerializer(CustomModelSerializer):
     deconflictions = DeconflictionSerializer(source="project.deconfliction_set", many=True, exclude=["id", "project"])
     whitecards = WhiteCardSerializer(source="project.whitecard_set", many=True, exclude=["id", "project"])
     infrastructure = ProjectInfrastructureSerializer(source="project")
+    evidence = EvidenceSerializer(source="evidence_set", many=True, exclude=["id", "report", "finding"])
     findings = FindingLinkSerializer(
         source="reportfindinglink_set",
         many=True,
diff --git a/ghostwriter/modules/linting_utils.py b/ghostwriter/modules/linting_utils.py
index 97dfe8edc..66498af94 100644
--- a/ghostwriter/modules/linting_utils.py
+++ b/ghostwriter/modules/linting_utils.py
@@ -461,4 +461,17 @@
         "targets": 1,
     },
     "tools": ["beacon", "covenant", "mythic", "poseidon"],
+    "evidence": [
+        {
+            "id": 1,
+            "file_path": "evidence/2/ghost.png",
+            "url": "/media/evidence/2/ghost.png",
+            "document": "/media/evidence/2/ghost.png",
+            "friendly_name": "Ghostwriter",
+            "upload_date": "2021-03-22",
+            "caption": "Brief Caption for This Evidence",
+            "description": "",
+            "tags": ["tag1", "tag2", "tag3"],
+        }
+    ],
 }
diff --git a/ghostwriter/reporting/forms.py b/ghostwriter/reporting/forms.py
index e02c4ca23..2750a4a85 100644
--- a/ghostwriter/reporting/forms.py
+++ b/ghostwriter/reporting/forms.py
@@ -351,7 +351,7 @@ def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         evidence_upload_url = reverse(
             "reporting:upload_evidence_modal",
-            kwargs={"pk": self.instance.id, "modal": "modal"},
+            kwargs={"parent_type": "finding", "pk": self.instance.id, "modal": "modal"},
         )
         for field in self.fields:
             self.fields[field].widget.attrs["autocomplete"] = "off"
diff --git a/ghostwriter/reporting/migrations/0043_auto_20231116_1810.py b/ghostwriter/reporting/migrations/0043_auto_20231116_1810.py
new file mode 100644
index 000000000..672f8eb56
--- /dev/null
+++ b/ghostwriter/reporting/migrations/0043_auto_20231116_1810.py
@@ -0,0 +1,32 @@
+# Generated by Django 3.2.19 on 2023-11-16 18:10
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('reporting', '0042_auto_20230919_1809'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='evidence',
+            options={'ordering': ['finding', 'report', 'document'], 'verbose_name': 'Evidence', 'verbose_name_plural': 'Evidence'},
+        ),
+        migrations.AddField(
+            model_name='evidence',
+            name='report',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='reporting.report'),
+        ),
+        migrations.AlterField(
+            model_name='evidence',
+            name='finding',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='reporting.reportfindinglink'),
+        ),
+        migrations.AddConstraint(
+            model_name='evidence',
+            constraint=models.CheckConstraint(check=models.Q(models.Q(('finding__isnull', True), ('report__isnull', False)), models.Q(('finding__isnull', False), ('report__isnull', True)), _connector='OR'), name='reporting_evidence_finding_or_report'),
+        ),
+    ]
diff --git a/ghostwriter/reporting/models.py b/ghostwriter/reporting/models.py
index bee6cecb1..c0206aff8 100644
--- a/ghostwriter/reporting/models.py
+++ b/ghostwriter/reporting/models.py
@@ -577,17 +577,38 @@ class Evidence(models.Model):
     )
     tags = TaggableManager(blank=True)
     # Foreign Keys
-    finding = models.ForeignKey("ReportFindingLink", on_delete=models.CASCADE)
+    finding = models.ForeignKey("ReportFindingLink", on_delete=models.CASCADE, null=True, blank=True)
+    report = models.ForeignKey("Report", on_delete=models.CASCADE, null=True, blank=True)
     uploaded_by = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.SET_NULL, null=True, blank=True)
 
     class Meta:
-        ordering = ["finding", "document"]
+        ordering = ["finding", "report", "document"]
         verbose_name = "Evidence"
         verbose_name_plural = "Evidence"
 
+        constraints = [
+            models.CheckConstraint(
+                name="%(app_label)s_%(class)s_finding_or_report",
+                check=(
+                    models.Q(finding__isnull=True, report__isnull=False)
+                    | models.Q(finding__isnull=False, report__isnull=True)
+                )
+            )
+        ]
+
     def get_absolute_url(self):
         return reverse("reporting:evidence_detail", args=[str(self.id)])
 
+    @property
+    def associated_report(self):
+        """
+        The report associated with this evidence, either directly through `self.report` or indirectly through
+        `self.finding.report`.
+        """
+        if self.finding:
+            return self.finding.report
+        return self.report
+
     def __str__(self):
         return f"{self.document.name}"
 
diff --git a/ghostwriter/reporting/signals.py b/ghostwriter/reporting/signals.py
index ed6a69bc4..7d949bbcd 100644
--- a/ghostwriter/reporting/signals.py
+++ b/ghostwriter/reporting/signals.py
@@ -35,7 +35,7 @@ def backup_evidence_values(sender, instance, **kwargs):
 def evidence_update(sender, instance, **kwargs):
     """
     On change, delete the old evidence file in the :model:`reporting.Evidence` instance when a
-    new file is uploaded and update teh related :model:`reporting.ReportFindingLink` instance if
+    new file is uploaded and update the related :model:`reporting.ReportFindingLink` instance if
     the `friendly_name` value changed.
     """
     if hasattr(instance, "_current_evidence"):
@@ -50,7 +50,7 @@ def evidence_update(sender, instance, **kwargs):
                         instance._current_evidence.path,
                     )
 
-    if hasattr(instance, "_current_friendly_name"):
+    if hasattr(instance, "_current_friendly_name") and instance.finding:
         if instance._current_friendly_name != instance.friendly_name:
             ignore = [
                 "id",
diff --git a/ghostwriter/reporting/templates/reporting/evidence_detail.html b/ghostwriter/reporting/templates/reporting/evidence_detail.html
index 6d777ce25..fe91fd8fc 100644
--- a/ghostwriter/reporting/templates/reporting/evidence_detail.html
+++ b/ghostwriter/reporting/templates/reporting/evidence_detail.html
@@ -8,9 +8,9 @@
     <nav aria-label="breadcrumb">
         <ul class="breadcrumb">
             <li class="breadcrumb-item"><a href="{% url 'home:dashboard' %}">Dashboard</a></li>
-            <li class="breadcrumb-item"><a href="{% url 'rolodex:client_detail' evidence.finding.report.project.client.id %}">{{ evidence.finding.report.project.client.name }}</a></li>
-            <li class="breadcrumb-item"><a href="{% url 'rolodex:project_detail' evidence.finding.report.project.id %}">{{ evidence.finding.report.project }}</a></li>
-            <li class="breadcrumb-item"><a href="{% url 'reporting:report_detail' evidence.finding.report.id %}">{{ evidence.finding.report }}</a></li>
+            <li class="breadcrumb-item"><a href="{% url 'rolodex:client_detail' evidence.associated_report.project.client.id %}">{{ evidence.associated_report.project.client.name }}</a></li>
+            <li class="breadcrumb-item"><a href="{% url 'rolodex:project_detail' evidence.associated_report.project.id %}">{{ evidence.associated_report.project.start_date }} {{ evidence.associated_report.project.project_type }}</a></li>
+            <li class="breadcrumb-item"><a href="{% url 'reporting:report_detail' evidence.associated_report.id %}">{{ evidence.associated_report }}</a></li>
             <li class="breadcrumb-item active" aria-current="page">Evidence</li>
         </ul>
     </nav>
@@ -26,7 +26,7 @@
         <div class="dropdown-menu dropdown-menu-right" aria-labelledby="evidence-dropdown-btn">
             <a class="dropdown-item icon edit-icon" href="{% url 'reporting:evidence_update' evidence.id %}">Edit</a>
             <a class="dropdown-item icon trash-icon" href="{% url 'reporting:evidence_delete' evidence.id %}">Delete</a>
-            <a class="dropdown-item icon back-arrow-icon" href="{% url 'reporting:report_detail' evidence.finding.report.id %}">Return to Report</a>
+            <a class="dropdown-item icon back-arrow-icon" href="{% url 'reporting:report_detail' evidence.associated_report.id %}">Return to Report</a>
         </div>
     </div>
 
diff --git a/ghostwriter/reporting/templates/reporting/report_detail.html b/ghostwriter/reporting/templates/reporting/report_detail.html
index 0e31ba02d..454ee51a1 100644
--- a/ghostwriter/reporting/templates/reporting/report_detail.html
+++ b/ghostwriter/reporting/templates/reporting/report_detail.html
@@ -243,7 +243,7 @@ <h4>Current Findings</h4>
                   <td class="align-middle">
                     <a
                       class="icon lg-attach-icon"
-                      href="{% url 'reporting:upload_evidence' finding.id %}"
+                      href="{% url 'reporting:upload_evidence' 'finding' finding.id %}"
                       data-toggle="tooltip"
                       data-placement="top"
                       title="Attach a file as evidence"
@@ -278,7 +278,7 @@ <h4>Current Findings</h4>
                             data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"></button>
                     <div id="finding-dropdown-menu-{{ finding.id }}" class="dropdown-menu"
                          aria-labelledby="dns-dropdown-btn_{{ finding.id }}">
-                      <a class="dropdown-item icon attach-icon" href="{% url 'reporting:upload_evidence' finding.id %}">Attach
+                      <a class="dropdown-item icon attach-icon" href="{% url 'reporting:upload_evidence' 'finding' finding.id %}">Attach
                         Evidence</a>
                       <a class="dropdown-item icon edit-icon"
                          href="{% url 'reporting:local_edit' finding.id %}">Edit</a>
@@ -318,6 +318,42 @@ <h4>Current Findings</h4>
       <p>No findings have been added to this report yet.</p>
     {% endif %}
 
+    {% comment %} Report Evidence Section {% endcomment %}
+    <h4>Report Evidence</h4>
+    <hr>
+
+    <table id="evidences-table" class="table table-sm table-hover">
+      <tbody>
+        {% for evidence_file in report.evidence_set.all %}
+          <tr data-id="{{ evidence_file.id }}">
+            <td class="align-middle"><a href="{% url 'reporting:evidence_detail' evidence_file.id %}">{{evidence_file.friendly_name}}</a></td>
+            <td class="align-middle">
+              <div class="dropdown dropleft">
+                <button
+                  id="evidence-dropdown-btn-{{ evidence_file.id }}"
+                  class="dropdown-menu-btn-table"
+                  data-toggle="dropdown"
+                  aria-haspopup="true"
+                  aria-expanded="false"
+                ></button>
+                <div
+                  id="evidence-dropdown-menu-{{ evidence_file.id }}"
+                  class="dropdown-menu"
+                  aria-labelledby="evidence-dropdown-btn_{{ evidence_file.id }}"
+                >
+                  <a href="{% url 'reporting:evidence_update' evidence_file.id %}" class="dropdown-item icon edit-icon">Edit</a>
+                  <a href="{% url 'reporting:evidence_delete' evidence_file.id %}" class="dropdown-item icon trash-icon">Delete</a>
+                </div>
+            </td>
+          </tr>
+        {% endfor %}
+      </tbody>
+    </table>
+
+    <p class="mt-3"><a class="icon add-icon btn btn-primary col-md-4"
+      href="{% url 'reporting:upload_evidence' 'report' report.id %}" data-toggle="tooltip"
+      data-placement="top" title="Upload evidence, attaching to a report">Upload Evidence</a></p>
+
     {% comment %} Generate Report Sections {% endcomment %}
     <h4>Generate Reports</h4>
     <hr>
diff --git a/ghostwriter/reporting/tests/test_forms.py b/ghostwriter/reporting/tests/test_forms.py
index bbbfb4c5c..f3cf81008 100644
--- a/ghostwriter/reporting/tests/test_forms.py
+++ b/ghostwriter/reporting/tests/test_forms.py
@@ -6,7 +6,8 @@
 
 # Ghostwriter Libraries
 from ghostwriter.factories import (
-    EvidenceFactory,
+    EvidenceOnFindingFactory,
+    EvidenceOnReportFactory,
     FindingFactory,
     FindingNoteFactory,
     LocalFindingNoteFactory,
@@ -241,15 +242,24 @@ def test_complete_field(self):
         self.assertTrue(self.complete_finding.complete)
 
 
-class EvidenceFormTests(TestCase):
+class BaseEvidenceFormTests:
     """Collection of tests for :form:`reporting.EvidenceForm`."""
 
+    @classmethod
+    def factory(cls):
+        raise NotImplementedError()
+
+    @classmethod
+    def querySet(cls):
+        raise NotImplementedError()
+
     @classmethod
     def setUpTestData(cls):
-        cls.Evidence = EvidenceFactory._meta.model
-        cls.evidence = EvidenceFactory()
+        cls.Factory = cls.factory()
+        cls.Evidence = cls.Factory._meta.model
+        cls.evidence = cls.Factory()
         cls.evidence_dict = cls.evidence.__dict__
-        cls.evidence_queryset = cls.Evidence.objects.filter(finding=cls.evidence.finding)
+        cls.evidence_queryset = cls.querySet()
 
     def setUp(self):
         pass
@@ -260,8 +270,6 @@ def form_data(
         friendly_name=None,
         caption=None,
         description=None,
-        finding_id=None,
-        uploaded_by_id=None,
         evidence_queryset=None,
         modal=False,
         **kwargs,
@@ -274,8 +282,6 @@ def form_data(
                 "friendly_name": friendly_name,
                 "caption": caption,
                 "description": description,
-                "finding": finding_id,
-                "uploaded_by": uploaded_by_id,
             },
             files={
                 "document": document,
@@ -303,7 +309,6 @@ def test_blank_evidence(self):
 
     def test_duplicate_friendly_name(self):
         new_evidence = self.evidence_dict.copy()
-        new_evidence["finding"] = self.evidence.finding
         new_evidence["friendly_name"] = self.evidence.friendly_name
 
         form = self.form_data(**new_evidence)
@@ -326,6 +331,26 @@ def test_null_evidence_queryset_argument(self):
         self.assertTrue(form.is_valid())
 
 
+class EvidenceFormForFindingTests(BaseEvidenceFormTests, TestCase):
+    @classmethod
+    def factory(cls):
+        return EvidenceOnFindingFactory
+
+    @classmethod
+    def querySet(cls):
+        return cls.Evidence.objects.filter(finding=cls.evidence.finding)
+
+
+class EvidenceFormForReportTests(BaseEvidenceFormTests, TestCase):
+    @classmethod
+    def factory(cls):
+        return EvidenceOnReportFactory
+
+    @classmethod
+    def querySet(cls):
+        return cls.Evidence.objects.filter(report=cls.evidence.report)
+
+
 class FindingNoteFormTests(TestCase):
     """Collection of tests for :form:`reporting.FindingNoteForm`."""
 
diff --git a/ghostwriter/reporting/tests/test_models.py b/ghostwriter/reporting/tests/test_models.py
index 13e656029..01434076b 100644
--- a/ghostwriter/reporting/tests/test_models.py
+++ b/ghostwriter/reporting/tests/test_models.py
@@ -15,7 +15,7 @@
     ArchiveFactory,
     BlankReportFindingLinkFactory,
     DocTypeFactory,
-    EvidenceFactory,
+    EvidenceOnFindingFactory,
     FindingFactory,
     FindingNoteFactory,
     FindingTypeFactory,
@@ -370,11 +370,11 @@ class EvidenceModelTests(TestCase):
 
     @classmethod
     def setUpTestData(cls):
-        cls.Evidence = EvidenceFactory._meta.model
+        cls.Evidence = EvidenceOnFindingFactory._meta.model
 
     def test_crud_evidence(self):
         # Create
-        evidence = EvidenceFactory(friendly_name="Test Evidence")
+        evidence = EvidenceOnFindingFactory(friendly_name="Test Evidence")
 
         # Read
         self.assertEqual(evidence.friendly_name, "Test Evidence")
@@ -395,18 +395,18 @@ def test_crud_evidence(self):
         assert not os.path.exists(evidence.document.path)
 
     def test_get_absolute_url(self):
-        evidence = EvidenceFactory()
+        evidence = EvidenceOnFindingFactory()
         try:
             evidence.get_absolute_url()
         except:
             self.fail("Evidence.get_absolute_url() raised an exception")
 
     def test_file_extension_validator(self):
-        evidence = EvidenceFactory(document=factory.django.FileField(filename="evidence.PnG", data=b"lorem ipsum"))
+        evidence = EvidenceOnFindingFactory(document=factory.django.FileField(filename="evidence.PnG", data=b"lorem ipsum"))
         self.assertEqual(evidence.filename, "evidence.PnG")
 
     def test_prop_filename(self):
-        evidence = EvidenceFactory()
+        evidence = EvidenceOnFindingFactory()
         try:
             evidence.filename
         except Exception:
@@ -416,7 +416,7 @@ def test_evidence_update_signal(self):
         finding = ReportFindingLinkFactory(
             description="<p>Here is some evidence:</p><p>{{.Evidence}}</p><p>{{.ref Evidence}}</p>"
         )
-        evidence = EvidenceFactory(
+        evidence = EvidenceOnFindingFactory(
             finding=finding,
             friendly_name="Evidence",
             document=factory.django.FileField(filename="evidence.txt", data=b"lorem ipsum"),
@@ -447,7 +447,7 @@ def test_evidence_update_signal(self):
 
         # Regression test for this signal updating a finding with blank fields
         blank = BlankReportFindingLinkFactory()
-        evidence = EvidenceFactory(finding=blank, friendly_name="Blank Test")
+        evidence = EvidenceOnFindingFactory(finding=blank, friendly_name="Blank Test")
         evidence.refresh_from_db()
 
         evidence.friendly_name = "New Name"
diff --git a/ghostwriter/reporting/tests/test_views.py b/ghostwriter/reporting/tests/test_views.py
index 6a0105e77..95bf51d83 100644
--- a/ghostwriter/reporting/tests/test_views.py
+++ b/ghostwriter/reporting/tests/test_views.py
@@ -20,7 +20,8 @@
 from ghostwriter.factories import (
     ClientFactory,
     CompanyInformationFactory,
-    EvidenceFactory,
+    EvidenceOnFindingFactory,
+    EvidenceOnReportFactory,
     FindingFactory,
     FindingNoteFactory,
     FindingTypeFactory,
@@ -295,7 +296,7 @@ def setUpTestData(cls):
         cls.report = ReportFactory()
         cls.Report = ReportFactory._meta.model
         cls.ReportFindingLink = ReportFindingLinkFactory._meta.model
-        cls.Evidence = EvidenceFactory._meta.model
+        cls.Evidence = EvidenceOnFindingFactory._meta.model
         cls.user = UserFactory(password=PASSWORD)
         cls.mgr_user = UserFactory(password=PASSWORD, role="manager")
 
@@ -348,11 +349,11 @@ def test_clone_with_findings(self):
         copied_findings = self.ReportFindingLink.objects.filter(report=report_copy)
         self.assertEqual(len(copied_findings), self.num_of_findings)
 
-    def test_clone_with_evidence_files(self):
+    def test_clone_with_finding_evidence_files(self):
         self.Evidence.objects.all().delete()
         report = ReportFactory()
         finding = ReportFindingLinkFactory(title="Evidence Finding 1", report=report)
-        evidence = EvidenceFactory(finding=finding)
+        evidence = EvidenceOnFindingFactory(finding=finding)
 
         uri = reverse("reporting:report_clone", kwargs={"pk": report.pk})
         response = self.client_mgr.get(uri)
@@ -367,12 +368,51 @@ def test_clone_with_evidence_files(self):
         assert os.path.exists(evidence_copy.document.path)
         self.assertIn(f"ghostwriter/media/evidence/{report_copy.pk}", evidence_copy.document.path)
 
-    def test_clone_with_missing_evidence_file(self):
+    def test_clone_with_missing_finding_evidence_file(self):
         self.Evidence.objects.all().delete()
         report = ReportFactory()
         finding = ReportFindingLinkFactory(title="Evidence Finding 1", report=report)
-        evidence = EvidenceFactory(finding=finding)
-        evidence_missing_file = EvidenceFactory(finding=finding)
+        evidence = EvidenceOnFindingFactory(finding=finding)
+        evidence_missing_file = EvidenceOnFindingFactory(finding=finding)
+
+        # Delete evidence file
+        os.remove(evidence_missing_file.document.path)
+
+        uri = reverse("reporting:report_clone", kwargs={"pk": report.pk})
+        response = self.client_mgr.get(uri)
+        self.assertIn("reporting/reports/", response.url)
+
+        # Check that the evidence with the missing file was not copied
+        evidence_files = self.Evidence.objects.filter(friendly_name=evidence.friendly_name)
+        self.assertEqual(len(evidence_files), 2)
+        evidence_files = self.Evidence.objects.filter(friendly_name=evidence_missing_file.friendly_name)
+        self.assertEqual(len(evidence_files), 1)
+        # Total = 2 from the original report + 1 from the copy
+        self.assertEqual(len(self.Evidence.objects.all()), 3)
+
+    def test_clone_with_report_evidence_file(self):
+        self.Evidence.objects.all().delete()
+        report = ReportFactory()
+        evidence = EvidenceOnReportFactory(report=report)
+
+        uri = reverse("reporting:report_clone", kwargs={"pk": report.pk})
+        response = self.client_mgr.get(uri)
+        self.assertIn("reporting/reports/", response.url)
+
+        evidence_files = self.Evidence.objects.filter(friendly_name=evidence.friendly_name)
+        self.assertEqual(len(evidence_files), 2)
+
+        # Check the evidence file was copied to the new report's directory
+        report_copy = self.Report.objects.latest("id")
+        evidence_copy = evidence_files.latest("id")
+        assert os.path.exists(evidence_copy.document.path)
+        self.assertIn(f"ghostwriter/media/evidence/{report_copy.pk}", evidence_copy.document.path)
+
+    def test_clone_with_missing_report_evidence_file(self):
+        self.Evidence.objects.all().delete()
+        report = ReportFactory()
+        evidence = EvidenceOnReportFactory(report=report)
+        evidence_missing_file = EvidenceOnReportFactory(report=report)
 
         # Delete evidence file
         os.remove(evidence_missing_file.document.path)
@@ -1226,9 +1266,9 @@ class EvidenceDetailViewTests(TestCase):
 
     @classmethod
     def setUpTestData(cls):
-        cls.img_evidence = EvidenceFactory(img=True)
-        cls.txt_evidence = EvidenceFactory(txt=True)
-        cls.unknown_evidence = EvidenceFactory(unknown=True)
+        cls.img_evidence = EvidenceOnFindingFactory(img=True)
+        cls.txt_evidence = EvidenceOnFindingFactory(txt=True)
+        cls.unknown_evidence = EvidenceOnFindingFactory(unknown=True)
         cls.user = UserFactory(password=PASSWORD)
         cls.mgr_user = UserFactory(password=PASSWORD, role="manager")
         cls.img_uri = reverse("reporting:evidence_detail", kwargs={"pk": cls.img_evidence.pk})
@@ -1291,21 +1331,34 @@ def test_custom_context_exists_unknown(self):
         )
 
 
-class EvidenceCreateViewTests(TestCase):
-    """Collection of tests for :view:`reporting.EvidenceCreate`."""
+class BaseEvidenceCreateViewTests:
+    """
+    Base collection of tests for :view:`reporting.EvidenceCreate`.
+
+    Does not inherit from TestCase so that this isn't ran as a test case
+    """
+
+    # Set this to "finding" or "report"
+    PARENT_TYPE = None
+
+    @classmethod
+    def setupEvidenceFactory(cls):
+        """Returns a tuple of the evidence factory and the ID of the parent finding or report"""
+        raise NotImplementedError()
 
     @classmethod
     def setUpTestData(cls):
-        cls.finding = ReportFindingLinkFactory()
-        cls.evidence = EvidenceFactory(finding=cls.finding)
+        (evidence, parent_pk) = cls.setupEvidenceFactory()
+        cls.evidence = evidence
+        cls.parent_pk = parent_pk
         cls.user = UserFactory(password=PASSWORD)
         cls.mgr_user = UserFactory(password=PASSWORD, role="manager")
-        cls.uri = reverse("reporting:upload_evidence", kwargs={"pk": cls.finding.pk})
+        cls.uri = reverse("reporting:upload_evidence", kwargs={"parent_type": cls.PARENT_TYPE, "pk": parent_pk})
         cls.modal_uri = reverse(
             "reporting:upload_evidence_modal",
-            kwargs={"pk": cls.finding.pk, "modal": "modal"},
+            kwargs={"parent_type": cls.PARENT_TYPE, "pk": parent_pk, "modal": "modal"},
         )
-        cls.success_uri = reverse("reporting:report_detail", args=(cls.finding.report.pk,))
+        cls.success_uri = reverse("reporting:report_detail", args=(cls.evidence.associated_report.pk,))
         cls.modal_success_uri = reverse("reporting:upload_evidence_modal_success")
 
     def setUp(self):
@@ -1334,7 +1387,7 @@ def test_custom_context_exists(self):
         self.assertIn("cancel_link", response.context)
         self.assertEqual(
             response.context["cancel_link"],
-            reverse("reporting:report_detail", kwargs={"pk": self.finding.report.pk}),
+            reverse("reporting:report_detail", kwargs={"pk": self.evidence.associated_report.pk}),
         )
 
     # Testing modal form view
@@ -1349,7 +1402,7 @@ def test_view_modal_requires_login_and_permissions(self):
         response = self.client_auth.get(self.modal_uri)
         self.assertEqual(response.status_code, 302)
 
-        ProjectAssignmentFactory(project=self.finding.report.project, operator=self.user)
+        ProjectAssignmentFactory(project=self.evidence.associated_report.project, operator=self.user)
         response = self.client_auth.get(self.modal_uri)
         self.assertEqual(response.status_code, 200)
 
@@ -1364,7 +1417,7 @@ def test_custom_modal_context_exists(self):
         self.assertIn("used_friendly_names", response.context)
         self.assertEqual(
             response.context["cancel_link"],
-            reverse("reporting:report_detail", kwargs={"pk": self.finding.report.pk}),
+            reverse("reporting:report_detail", kwargs={"pk": self.evidence.associated_report.pk}),
         )
 
     # Testing modal success view
@@ -1382,12 +1435,36 @@ def test_view_modal_success_uses_correct_template(self):
         self.assertTemplateUsed(response, "reporting/evidence_modal_success.html")
 
 
+class EvidenceForFindingCreateViewTests(BaseEvidenceCreateViewTests, TestCase):
+    """Collection of tests for :view:`reporting.EvidenceCreate`."""
+
+    PARENT_TYPE = "finding"
+
+    @classmethod
+    def setupEvidenceFactory(cls):
+        cls.finding = ReportFindingLinkFactory()
+        evidence = EvidenceOnFindingFactory(finding=cls.finding)
+        return (evidence, evidence.finding.pk)
+
+
+class EvidenceForReportCreateViewTests(BaseEvidenceCreateViewTests, TestCase):
+    """Collection of tests for :view:`reporting.EvidenceCreate`."""
+
+    PARENT_TYPE = "report"
+
+    @classmethod
+    def setupEvidenceFactory(cls):
+        cls.report = ReportFactory()
+        evidence = EvidenceOnReportFactory(report=cls.report)
+        return (evidence, evidence.report.pk)
+
+
 class EvidenceUpdateViewTests(TestCase):
     """Collection of tests for :view:`reporting.EvidenceUpdate`."""
 
     @classmethod
     def setUpTestData(cls):
-        cls.evidence = EvidenceFactory()
+        cls.evidence = EvidenceOnFindingFactory()
         cls.user = UserFactory(password=PASSWORD)
         cls.mgr_user = UserFactory(password=PASSWORD, role="manager")
         cls.uri = reverse("reporting:evidence_update", kwargs={"pk": cls.evidence.pk})
@@ -1433,7 +1510,7 @@ class EvidenceDeleteViewTests(TestCase):
 
     @classmethod
     def setUpTestData(cls):
-        cls.evidence = EvidenceFactory()
+        cls.evidence = EvidenceOnFindingFactory()
         cls.user = UserFactory(password=PASSWORD)
         cls.mgr_user = UserFactory(password=PASSWORD, role="manager")
         cls.uri = reverse("reporting:evidence_delete", kwargs={"pk": cls.evidence.pk})
diff --git a/ghostwriter/reporting/urls.py b/ghostwriter/reporting/urls.py
index ee851b61e..27a5b5eea 100644
--- a/ghostwriter/reporting/urls.py
+++ b/ghostwriter/reporting/urls.py
@@ -157,12 +157,12 @@
         name="local_edit",
     ),
     path(
-        "reports/evidence/upload/<int:pk>",
+        "reports/evidence/upload/<str:parent_type>/<int:pk>",
         views.EvidenceCreate.as_view(),
         name="upload_evidence",
     ),
     path(
-        "reports/evidence/upload/<int:pk>/<str:modal>",
+        "reports/evidence/upload/<str:parent_type>/<int:pk>/<str:modal>",
         views.EvidenceCreate.as_view(),
         name="upload_evidence_modal",
     ),
diff --git a/ghostwriter/reporting/views.py b/ghostwriter/reporting/views.py
index c8cd1d049..075457b54 100644
--- a/ghostwriter/reporting/views.py
+++ b/ghostwriter/reporting/views.py
@@ -757,14 +757,15 @@ def handle_no_permission(self):
 
     def get(self, *args, **kwargs):
         report_to_clone = self.get_object()
-        report_pk = None
+        old_pk = report_to_clone.pk
+        new_pk = None
         try:
             findings = ReportFindingLink.objects.select_related("report").filter(report=report_to_clone.pk)
             report_to_clone.title = report_to_clone.title + " Copy"
             report_to_clone.complete = False
             report_to_clone.pk = None
             report_to_clone.save()
-            report_pk = report_to_clone.pk
+            new_pk = report_to_clone.pk
             for finding in findings:
                 # Get any evidence files attached to the original finding
                 evidences = Evidence.objects.filter(finding=finding.pk)
@@ -792,6 +793,25 @@ def get(self, *args, **kwargs):
                             extra_tags="alert-warning",
                         )
 
+            for evidence in Evidence.objects.filter(report_id=old_pk):
+                if exists(evidence.document.path):
+                    evidence_file = File(evidence.document, os.path.basename(evidence.document.name))
+                    evidence.report = report_to_clone
+                    evidence._current_evidence = None
+                    evidence.document = evidence_file
+                    evidence.pk = None
+                    evidence.save()
+                else:
+                    logger.warning(
+                        "Evidence file not found: %s",
+                        evidence.document.path,
+                    )
+                    messages.warning(
+                        self.request,
+                        f"An evidence file was missing and could not be copied: {evidence.friendly_name} ({os.path.basename(evidence.document.name)})",
+                        extra_tags="alert-warning",
+                    )
+
             logger.info(
                 "Cloned %s %s by request of %s",
                 report_to_clone.__class__.__name__,
@@ -815,7 +835,7 @@ def get(self, *args, **kwargs):
                 extra_tags="alert-error",
             )
 
-        return HttpResponseRedirect(reverse("reporting:report_detail", kwargs={"pk": report_pk}))
+        return HttpResponseRedirect(reverse("reporting:report_detail", kwargs={"pk": new_pk}))
 
 
 class AssignBlankFinding(RoleBasedAccessControlMixin, SingleObjectMixin, View):
@@ -1563,7 +1583,7 @@ def handle_no_permission(self):
 
     def get_success_url(self):
         # Clear user's session if deleted report is their active report
-        if self.object.pk == self.request.session["active_report"]["id"]:
+        if self.object.pk == self.request.session.get("active_report", {}).get("id"):
             self.request.session["active_report"] = {}
             self.request.session["active_report"]["id"] = ""
             self.request.session["active_report"]["title"] = ""
@@ -2392,7 +2412,7 @@ class EvidenceDetailView(RoleBasedAccessControlMixin, DetailView):
     model = Evidence
 
     def test_func(self):
-        return verify_access(self.request.user, self.get_object().finding.report.project)
+        return verify_access(self.request.user, self.get_object().associated_report.project)
 
     def handle_no_permission(self):
         messages.error(self.request, "You do not have permission to access that.")
@@ -2448,7 +2468,11 @@ class EvidenceCreate(RoleBasedAccessControlMixin, CreateView):
     form_class = EvidenceForm
 
     def test_func(self):
-        return verify_access(self.request.user, self.finding_instance.report.project)
+        if self.finding_instance:
+            project = self.finding_instance.report.project
+        else:
+            project = self.report_instance.project
+        return verify_access(self.request.user, project)
 
     def handle_no_permission(self):
         messages.error(self.request, "You do not have permission to access that.")
@@ -2456,9 +2480,18 @@ def handle_no_permission(self):
 
     def setup(self, request, *args, **kwargs):
         super().setup(request, *args, **kwargs)
-        finding_pk = self.kwargs.get("pk")
-        self.finding_instance = get_object_or_404(ReportFindingLink, pk=finding_pk)
-        self.evidence_queryset = Evidence.objects.filter(finding=self.finding_instance.pk)
+        pk = self.kwargs.get("pk")
+        typ = self.kwargs.get("parent_type")
+        if typ == "report":
+            self.finding_instance = None
+            self.report_instance = get_object_or_404(Report, pk=pk)
+            self.evidence_queryset = Evidence.objects.filter(report=self.report_instance.pk)
+        elif typ == "finding":
+            self.finding_instance = get_object_or_404(ReportFindingLink, pk=pk)
+            self.report_instance = None
+            self.evidence_queryset = Evidence.objects.filter(finding=self.finding_instance.pk)
+        else:
+            raise Http404("Unrecognized evidence parent model type: {!r}".format(typ))
 
     def get_template_names(self):
         if "modal" in self.kwargs:
@@ -2477,7 +2510,11 @@ def get_form_kwargs(self):
 
     def get_context_data(self, **kwargs):
         ctx = super().get_context_data(**kwargs)
-        ctx["cancel_link"] = reverse("reporting:report_detail", kwargs={"pk": self.finding_instance.report.pk})
+        if self.finding_instance:
+            report = self.finding_instance.report
+        else:
+            report = self.report_instance
+        ctx["cancel_link"] = reverse("reporting:report_detail", kwargs={"pk": report.pk})
         if "modal" in self.kwargs:
             friendly_names = self.evidence_queryset.values_list("friendly_name", flat=True)
             used_friendly_names = []
@@ -2491,7 +2528,10 @@ def get_context_data(self, **kwargs):
     def form_valid(self, form, **kwargs):
         obj = form.save(commit=False)
         obj.uploaded_by = self.request.user
-        obj.finding = self.finding_instance
+        if self.finding_instance:
+            obj.finding = self.finding_instance
+        else:
+            obj.report = self.report_instance
         obj.save()
         form.save_m2m()
         if os.path.isfile(obj.document.path):
@@ -2511,7 +2551,11 @@ def form_valid(self, form, **kwargs):
     def get_success_url(self):
         if "modal" in self.kwargs:
             return reverse("reporting:upload_evidence_modal_success")
-        return reverse("reporting:report_detail", args=(self.finding_instance.report.pk,))
+        if self.report_instance:
+            report_pk = self.report_instance.pk
+        else:
+            report_pk = self.finding_instance.report.pk
+        return reverse("reporting:report_detail", args=(report_pk,))
 
 
 class EvidenceUpdate(RoleBasedAccessControlMixin, UpdateView):
@@ -2532,7 +2576,7 @@ class EvidenceUpdate(RoleBasedAccessControlMixin, UpdateView):
     form_class = EvidenceForm
 
     def test_func(self):
-        return verify_access(self.request.user, self.get_object().finding.report.project)
+        return verify_access(self.request.user, self.get_object().associated_report.project)
 
     def handle_no_permission(self):
         messages.error(self.request, "You do not have permission to access that.")
@@ -2540,7 +2584,10 @@ def handle_no_permission(self):
 
     def get_form_kwargs(self):
         kwargs = super().get_form_kwargs()
-        evidence_queryset = Evidence.objects.filter(finding=self.object.finding.pk)
+        if self.object.finding:
+            evidence_queryset = Evidence.objects.filter(finding=self.object.finding.pk)
+        else:
+            evidence_queryset = Evidence.objects.filter(report=self.object.report.pk)
         kwargs.update({"evidence_queryset": evidence_queryset})
         return kwargs
 
@@ -2583,7 +2630,7 @@ class EvidenceDelete(RoleBasedAccessControlMixin, DeleteView):
     template_name = "confirm_delete.html"
 
     def test_func(self):
-        return verify_access(self.request.user, self.get_object().finding.report.project)
+        return verify_access(self.request.user, self.get_object().associated_report.project)
 
     def handle_no_permission(self):
         messages.error(self.request, "You do not have permission to access that.")
@@ -2598,7 +2645,7 @@ def get_success_url(self):
             message,
             extra_tags="alert-success",
         )
-        return reverse("reporting:report_detail", kwargs={"pk": self.object.finding.report.pk})
+        return reverse("reporting:report_detail", kwargs={"pk": self.object.associated_report.pk})
 
     def get_context_data(self, **kwargs):
         ctx = super().get_context_data(**kwargs)