During the course of incident response you’ll want a handy resource to follow while conducting your security investigation. A new special report was published by the National Institute of Justice called “Investigations Involving the Internet and Computer Networks” which you can download here.

It’s extremely thorough and covers these topic areas:

• Tracing an Internet Address to a Source
• Investigations Involving E-Mail
• Investigations Involving Web Sites
• Investigations Involving Instant Message Services, Chat Rooms, and IRC
• Investigations Involving File Sharing Networks
• Investigations of Network Intrusion/Denial of Service
• Investigations Involving Bulletin Boards, Message Boards, Listservs, and newsgroups
• Legal Issues

I especially like the appendix sections:

• Sample Subpoenas and Reports
• Examples of Potential Sources of Evidence in Network Investigations

Check it out!