This subject guide provides comprehensive information on developing a forensic capability, including the establishment of policies and procedures. Its focus is primarily on using forensic techniques to assist incident handlers, including system and network administrators, in responding to computer-related security incidents.
A. Layout of Publication
This publication is divided into the following major portions:
1) Section 1- Introduction:
a) Authority: NIST has developed this publication in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002. This guideline is for Government agencies. It may be used by nongovernmental agencies on a voluntary basis and is not subject to copyright,
d) Publication Structure: This portion discusses the logical structure of the document. Sections 4 through 7 describe the collection, examination, and analysis of data from data files, OSs, network traffic, and application data. Section 8 of the guide presents two examples of the use of multiple data sources during digital forensics.
2) Section 2- Establishing and Organizing a Forensics Capability:
This section discusses several aspects of organizing a forensics capability for an organization. It begins by showing the wide variety of potential uses for forensics, and then presents a high-level overview of the forensics process. The next part of the section discusses how forensics services are typically provided and provides guidance on building and maintaining the necessary skills to perform forensics tasks.
The section also explains the need to include various teams from throughout the organization, such as legal advisors and physical security staff, in some forensic activities. The section ends by discussing how policies, guidelines, and procedures should address forensics (e.g., defining roles and responsibilities, providing guidance on the proper usage of tools