ENISA (the European Union Agency for Network and Information Security) has published a report on evidence gathering for CERT first responders, with an emphasis on electronic evidence gathering and digital forensics. CERTs are computer emergency response teams – expert groups that handle computer security incidents.
The guide aims to be a practical tool that explains the principles of sound evidence gathering and raises the right questions for collecting and securing digital evidence. The study complements the vast existing material on ‘digital forensics and evidence gathering’, which in most cases is written from the law enforcement perspective. For most CERTs this is a limited field of operation, and for many a relatively new one, with growing importance.
Digital investigation and forensics are usually provided by CERTs as a service, on an ‘on-demand’ basis. A higher level of mutual understanding and collaboration between CERTs and law enforcement is considered to be the way forward to improve both the quality and the speed of results achieved in the fight against cybercrime.
For the full report, see Electronic evidence – a basic guide for First Responders.
The report is a continuation of the work done by ENISA in the field of good practices for CERTs and law enforcement agencies (LEAs) in the fight against cybercrime. It follows the Baseline capabilities of non Governmental CERTs – Updated Recommendations 2012, the updated set of recommendations on baseline capabilities for non-Governmental CERTs in Europe, and the training material developed based on these principles, namely the Digital Forensics Training Handbook.