Thursday, January 05, 2006

New NIST document (draft)

I was reviewing the updated site this morning, and one of the interesting things I came across was the draft NIST SP800-86, Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response.

As I read through the document for the first time, it's clear that this is a great place to start. From my perspective, I'm glad to see a short, two-paragraph discussion of NTFS alternate data streams on pages 4-5 of the document. The authors did provide footnotes with links to URLs for more information. There's also a section on collecting volatile data from systems.

It's a good resource, that's for sure. Take a look when you get a chance.


Jesse Kornblum said...

The NIST paper looks great, but where on the e-evidence site did you find it?

Ryan Sommers said...