||Evidence Collection Guidelines: Network Operators, Service Providers should develop a set of processes detailing evidence collection and preservation guidelines. Procedures should be approved by management/legal counsel. Those responsible for conducting investigations should test the procedures and be trained according to their content. Organizations unable to develop a forensic computing capability should establish a relationship with a trusted third party that possesses a computer forensics capability. Network Administrators and System Administrators should be trained on basic evidence recognition and preservation and should understand the protocol for requesting forensic services.
||Cable; Internet/Data; Satellite; Wireless; Wireline
||Service Provider; Network Operator
||Cyber Security;Procedures;Training and Awareness;
||IETF RFC3227, http://www.cybercrime.gov