NIST SP 800-86 Guide to Integrating Forensic Techniques into Incident Response

by National Institute of Standards and Technology

NIST SP 800-86 August 2006 This guide provides general recommendations for performing the forensic process. It also provides detailed information about using the analysis process with four major categories of data files, operating systems, network traffic, and applications. The guide focuses on explaining the basic components and characteristics of data sources within each category, as well as techniques for the collection, examination, and analysis of data from each category. The guide also provides recommendations for how multiple data sources can be used together to gain a better understanding of an event. Forensic science is generally defined as the application of science to the law. Digital forensics, also known as computer and network forensics, has many definitions. Generally, it is considered the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. Data refers to distinct pieces of digital information that have been formatted in a specific way. Organizations have an ever-increasing amount of data from many sources. For example, data can be stored or transferred by standard computer systems, networking equipment, computing peripherals, personal digital assistants (PDA), consumer electronic devices, and various types of media, among other sources. Because of the variety of data sources, digital forensic techniques can be used for many purposes, such as investigating crimes and internal policy violations, reconstructing computer security incidents, troubleshooting operational problems, and recovering from accidental system damage. Practically every organization needs to have the capability to perform digital forensics (referred to as forensics throughout the rest of the guide). Without such a capability, an organization will have difficulty determining what events have occurred within its systems and networks, such as exposures of protected, sensitive data. This guide provides detailed information on establishing a forensic capability, including the development of policies and procedures. Its focus is primarily on using forensic techniques to assist with computer security incident response, but much of the material is also applicable to other situations. Why buy an eBook when you can download a PDF for free? First you gotta find it and make sure it’s the latest version, not always easy. It’s much more cost-effective to just order the latest version from Amazon.com Unlike a PDF, this eBook allows easy page navigation because we bookmarked the Chapters and Appendices. (Don’t judge based on the free sample because that functionality is not activated on the free sample.) Once you buy a copy you will see how easy it is to get to the information you seek - fast. This material is published by 4th Watch Publishing Co. We publish tightly-bound, full-size books at 8 ½ by 11 inches, with glossy covers. 4th Watch Publishing Co. is a Service Disabled Veteran Owned Small Business (SDVOSB) and is not affiliated with the National Institute of Standards and Technology. A full copy of over 300 cybersecurity standards is loaded on our CyberSecurity Standards Library DVD which is available at Amazon.com. And, if you need to look up an acronym or the definition of a word, just go to the Cyber Dictionary.

Kindle Edition

Published December 2, 2017