NIST SP 800-86 Guide to Integrating Forensic Techniques into Incident Response
...scratching the surface of forensics and incident response
on Monday 04 September 2006
in NIST.gov Publications > Special Publications - SP 800 series

This document is intended to help organizations in handling computer security incidents. It also provides some practical guidance on performing computer and network forensics. SP 800-86 describes the processes for performing effective forensics activities in support of incident response, and it provides advice regarding different data sources, including files, operating systems, network traffic, and applications.

Download the entire NIST SP 800-86 Document.

You may use the NIST.org Forum to ask questions or discuss this document.

Below is a short description of SP 800-86 from NIST.gov, edited:

NIST.gov has released the final version of SP 800-86, "Guide to Integrating Forensic Techniques into Incident Response". This document is intended to help organizations in handling computer security incidents. It also provides some practical guidance on performing computer and network forensics. SP 800-86 describes the processes for performing effective forensics activities in support of incident response, and it provides advice regarding different data sources, including files, operating systems, network traffic, and applications. Several scenarios involving the use of forensic techniques are also included as the basis for tabletop exercises.

Forensic science is generally defined as the application of science to the law. Digital forensics, also known as computer and network forensics, has many definitions. Generally, it is considered the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. Data refers to distinct pieces of digital information that have been formatted in a specific way. Organizations have an ever-increasing amount of data from many sources. For example, data can be stored or transferred by standard computer systems, networking equipment, computing peripherals, personal digital assistants (PDA), consumer electronic devices, and various types of media, among other sources.

Because of the variety of data sources, digital forensic techniques can be used for many purposes, such as investigating crimes and internal policy violations, reconstructing computer security incidents, troubleshooting operational problems, and recovering from accidental system damage. Practically every organization needs to have the capability to perform digital forensics. This guide provides detailed information on establishing a forensic capability, including the development of policies and procedures. Its focus is primarily on using forensic techniques to assist with computer security incident response, but much of the material is also applicable to other situations.

---
The SP 800-86 document was created by the National Institute of Standards and Technology and is public domain (not subject to copyright).


NIST Special Publication # 800-86


NIST.org is in no way connected to the U.S. government site NIST.gov

This site is © John Herron, CISSP. All Rights Reserved.
