Full title in original language:
Guidelines for Evidence Collection and Archiving
Education level:
University University (18+ years)
Topic / subtopic:
Cybercrime / Cybercrime investigation
Target audience:
Students,
Teachers / Lecturers
Type of resource:
Publication / Article
Languages:
English
Region of relevance:
Global
Access:
open access
Individual authors:
D. Brezinski, T. Killalea
Publication year:
2002
Published by:
The Internet Society
Copyright holder:
© The Internet Society
Contact name and address:
The Internet Society
Contact email:
isoc@isoc.org
Key themes:
cyber, cybercrime, forensic, investigation, cyber-crime, cyber space, cyberspace, evidence collection, archiving
Links:
Short description:
A "security incident" as defined in the "Internet Security Glossary", RFC 2828, is a security-relevant system event in which the system’s security policy is disobeyed or otherwise breached. The purpose of this document is to provide System Administrators with guidelines on the collection and archiving of evidence relevant to such a security incident.
If evidence collection is done correctly, it is much more useful in apprehending the attacker, and stands a much greater chance of being admissible in the event of a prosecution.