Collecting Evidence/Forensics

The following resources provide information about CERT forensics work, basic forensic data collection, and forensic methodology.

CERT Digital Intelligence and Investigation (DIID)
The CERT DIID team conducts research and develops technologies, capabilities, and practices that organizations can use to develop incident response capabilities and facilitate incident investigations.

First Responders Guide to Computer Forensics
This 2005 handbook addresses basic forensic data collection, a critical training gap in the fields of information security, computer forensics, and incident response.

First Responders Guide to Computer Forensics - Advanced Topics
This document features a description of technical operations such as process characterization and spoofed email, and is designed for experienced security/network professionals who already have a fundamental understanding of forensic methodology.

Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations – OLE Litigation Series, U.S. Department of Justice
This document outlines ground rules for handling evidence in crimes involving computers.

Guidelines for Evidence Collection and Archiving (RFC 3227) – Internet Society memo
These guidelines are written for system administrators and are related to collecting and archiving evidence that is relevant to security incidents.

Contact Us

Contact us if you have questions about our Forensics work.