Your browser has JavaScript turned off.
You must turn it on to proceed.










NORS -- CSRIC Best Practices Result

CSRIC Best Practices Result

Detailed Information for the Best Practice: 9-7-8067

Number 9-7-8067
Priority Highly Important
Description Evidence Collection Guidelines: Network Operators, Service Providers should develop a set of processes detailing evidence collection and preservation guidelines. Procedures should be approved by management/legal counsel. Those responsible for conducting investigations should test the procedures and be trained according to their content. Organizations unable to develop a forensic computing capability should establish a relationship with a trusted third party that possesses a computer forensics capability. Network Administrators and System Administrators should be trained on basic evidence recognition and preservation and should understand the protocol for requesting forensic services.
Network Type(s) Cable; Internet/Data; Satellite; Wireless; Wireline
Industry Role(s) Service Provider; Network Operator
Keyword(s) Cyber Security;Procedures;Training and Awareness;
Reference/Comments IETF RFC3227, http://www.cybercrime.gov