Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guide to Integrating Forensic Techniques into Incident Response



Timothy Grance, Suzanne Chevalier, Karen A. Scarfone, Hung Dang


This publication is intended to help organizations in investigating computer security incidents and troubleshooting some information technology (IT) operational problems by providing practical guidance on performing computer and network forensics. The guide presents forensics from an IT view, not a law enforcement view. Specifically, the publication describes the processes for performing effective forensics activities and provides advice regarding different data sources, including files, operating systems (OS), network traffic, and applications. The publication is not to be used as an all-inclusive step-by-step guide for executing a digital forensic investigation or construed as legal advice. Its purpose is to inform readers of various technologies and potential ways of using them in performing incident response or troubleshooting activities. Readers are advised to apply the recommended practices only after consulting with management and legal counsel for compliance concerning laws and regulations (i.e., local, state, Federal, and international) that pertain to their situation.
Special Publication (NIST SP) - 800-86
Report Number


FISMA, Forensics, Incident Response


Grance, T. , Chevalier, S. , Scarfone, K. and Dang, H. (2006), Guide to Integrating Forensic Techniques into Incident Response, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed July 24, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created August 31, 2006, Updated June 24, 2021