I was reviewing the updated E-evidence.info site this morning, and one of the interesting things I came across was the draft NIST SP800-86, Guide to Computer and Network Data Analysis: Applying Forensic Techniques to Incident Response.
As I read through the document for the first time, it's clear that this is a great place to start. From my perspective, I'm glad to see a short, two-paragraph discussion of NTFS alternate data streams on pages 4-5 of the document. The authors did provide footnotes with links to URLs for more information. There's also a section on collecting volatile data from systems.
It's a good resource, that's for sure. Take a look when you get a chance.
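Since the post singles out the NTFS alternate data stream (ADS) discussion as the part worth reading, here is an added example of how an examiner would enumerate those streams on a live Windows host. This is not code from the original post or from NIST SP 800-86; it assumes the documented Win32 FindFirstStreamW/FindNextStreamW API, and the SAMPLE_STREAMS list at the bottom is constructed data standing in for what that API returns, so the parsing part also runs on a non-Windows box.

```python
"""Enumerate NTFS alternate data streams on a file (added example).

On Windows, list_streams() calls kernel32!FindFirstStreamW / FindNextStreamW
through ctypes. The raw names that API returns look like ':name:$DATA';
the unnamed stream '::$DATA' is the file's ordinary content, and every
*named* $DATA stream is an alternate data stream worth looking at.
"""
import ctypes
import sys

FIND_STREAM_INFO_STANDARD = 0          # STREAM_INFO_LEVELS.FindStreamInfoStandard
ERROR_HANDLE_EOF = 38                  # FindNextStreamW: no more streams
INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value


class WIN32_FIND_STREAM_DATA(ctypes.Structure):
    """Layout documented for FindFirstStreamW: a LARGE_INTEGER size followed
    by a WCHAR[MAX_PATH + 36] stream name."""
    _fields_ = [("StreamSize", ctypes.c_longlong),
                ("cStreamName", ctypes.c_wchar * (260 + 36))]


def parse_stream_name(raw):
    """Split ':Zone.Identifier:$DATA' into ('Zone.Identifier', '$DATA').
    The default (unnamed) stream is reported as '::$DATA' -> ('', '$DATA')."""
    if not raw.startswith(":"):
        raise ValueError("unexpected stream name %r" % (raw,))
    _, name, stream_type = raw.split(":", 2)
    return name, stream_type


def alternate_streams(entries):
    """Given (raw_name, size) pairs, keep only named $DATA streams, i.e. the
    alternate data streams, as (stream_name, size) pairs."""
    found = []
    for raw, size in entries:
        name, stream_type = parse_stream_name(raw)
        if name and stream_type == "$DATA":
            found.append((name, size))
    return found


def list_streams(path):
    """Return [(raw_stream_name, size), ...] for `path`. Windows only."""
    if sys.platform != "win32":
        raise OSError("NTFS stream enumeration requires the Win32 API")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.FindFirstStreamW.argtypes = [ctypes.c_wchar_p, ctypes.c_int,
                                     ctypes.c_void_p, ctypes.c_uint32]
    k32.FindFirstStreamW.restype = ctypes.c_void_p
    k32.FindNextStreamW.argtypes = [ctypes.c_void_p, ctypes.c_void_p]
    k32.FindNextStreamW.restype = ctypes.c_int
    k32.FindClose.argtypes = [ctypes.c_void_p]

    data = WIN32_FIND_STREAM_DATA()
    handle = k32.FindFirstStreamW(path, FIND_STREAM_INFO_STANDARD,
                                  ctypes.byref(data), 0)
    if handle is None or handle == INVALID_HANDLE_VALUE:
        err = ctypes.get_last_error()
        if err == ERROR_HANDLE_EOF:      # e.g. a directory with no streams at all
            return []
        raise ctypes.WinError(err)
    entries = [(data.cStreamName, data.StreamSize)]
    try:
        while k32.FindNextStreamW(handle, ctypes.byref(data)):
            entries.append((data.cStreamName, data.StreamSize))
        err = ctypes.get_last_error()
        if err != ERROR_HANDLE_EOF:      # anything but "no more streams" is a real failure
            raise ctypes.WinError(err)
    finally:
        k32.FindClose(handle)
    return entries


# Constructed sample: what the API would report for a downloaded executable
# that also carries a hidden payload stream. Not real output.
SAMPLE_STREAMS = [
    ("::$DATA", 1024),
    (":Zone.Identifier:$DATA", 26),
    (":payload.exe:$DATA", 73728),
]

if __name__ == "__main__":
    entries = list_streams(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_STREAMS
    for name, size in alternate_streams(entries):
        print("ADS %-30s %d bytes" % (name, size))
```

Run it with a path argument on a Windows host to walk a real file; without one it works through the constructed sample. A Zone.Identifier stream is the normal "mark of the web" left by browsers, so the interesting hits are the other named streams, which this listing surfaces but Explorer and `dir` without `/r` do not.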
The NIST paper looks great, but where on the e-evidence site did you find it?
http://www.e-evidence.info/n.html