Thursday, January 05, 2006

New NIST document (draft)

I was reviewing the updated E-evidence.info site this morning, and one of the interesting things I came across was the draft NIST SP800-86, Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response.

As I read through the document for the first time, it's clear that this is a great place to start. From my perspective, I'm glad to see a short, two-paragraph discussion of NTFS alternate data streams on pages 4-5 of the document. The authors did provide footnotes with links to URLs for more information. There's also a section on collecting volatile data from systems.

It's a good resource, that's for sure. Take a look when you get a chance.

2 comments:

Jesse Kornblum said...

The NIST paper looks great, but where on the e-evidence site did you find it?

Ryan Sommers said...

http://www.e-evidence.info/n.html