Guidelines for Evidence Collection and Archiving
RFC 3227, “Guidelines for Evidence Collection and Archiving”, is a Best Current Practice document published in February 2002 by D. Brezinski and T. Killalea. The canonical text is published by the RFC Editor.
Abstract
A "security incident" as defined in the "Internet Security Glossary", RFC 2828, is a security-relevant system event in which the system's security policy is disobeyed or otherwise breached. The purpose of this document is to provide System Administrators with guidelines on the collection and archiving of evidence relevant to such a security incident. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.
What “Best Current Practice” means
A Best Current Practice document records the IETF community's recommended operational or procedural practice rather than a protocol specification.
The canonical text of RFC 3227 is hosted at rfc-editor.org. It is available in TXT and HTML.
- RFC 3228 IANA Considerations for IPv4 Internet Group Management Protocol
- RFC 3229 Delta encoding in HTTP
- RFC 3224 Vendor Extensions for Service Location Protocol, Version 2
- RFC 3230 Instance Digests in HTTP
- RFC 3231 Definitions of Managed Objects for Scheduling Management Operations
- RFC 3232 Assigned Numbers: RFC 1700 is Replaced by an On-line Database
- RFC 3233 Defining the IETF
- RFC 3220 IP Mobility Support for IPv4