ISO/IEC 27041 — Information technology — Security techniques — Guidelines for the analysis and interpretation of digital evidence (DRAFT)
Background
The fundamental purpose of the digital forensics standards ISO/IEC 27037, 27041, 27042 and 27043 is to promote good practice methods and processes for forensic investigation of digital evidence. While individual investigators, organizations and jurisdictions may well retain certain methods, processes and controls, it is hoped that standardization will (eventually) lead to the adoption of similar if not identical approaches internationally, making it easier to compare, combine and contrast the results of such investigations even when performed by different people or organizations and potentially across different jurisdictions.
Scope and purpose
The primary focus of this standard is on assurance for the forensics processes relating to investigation of digital evidence. Credibility, trustworthiness and integrity are fundamental requirements for all forensics methods: this standard promotes the assurance aspects of investigating digital evidence.
The standard will offer guidance on assuring the suitability and adequacy of the methods for investigating digital forensic evidence. It will describe methods through which all stages of the investigation process can be shown to be appropriate (proper and suitable in themselves, and correctly performed).
It will specify ‘investigative requirements’, essentially laying out the ground rules for digital forensics.
Status of the standard
The 2nd WD is available to SC27. The title has changed - and may yet change again.