ISO/IEC 27042 — Information technology — Security techniques — Guidelines for the analysis and interpretation of digital evidence (DRAFT)
The fundamental purpose of the digital forensics standards ISO/IEC 27037, 27041, 27042 and 27043 is to promote good practice methods and processes for forensic investigation of digital evidence. While individual investigators, organizations and jurisdictions may well retain certain methods, processes and controls, it is hoped that standardization will (eventually) lead to the adoption of similar if not identical approaches internationally, making it easier to compare, combine and contrast the results of such investigations even when performed by different people or organizations and potentially across different jurisdictions.
Scope and purpose
The standard will provide guidelines for the analysis and interpretation of digital evidence.
The standard will “lay down certain fundamental principles which are intended to ensure that tools, techniques and methods can be selected appropriately and shown to be fit for purpose should the need arise. [It will also] inform decision-makers that need to determine the reliability of digital evidence presented to them. It is applicable to organizations needing to protect, analyze and present potential digital evidence. It is relevant to policy-making bodies that create and evaluate procedures relating to digital evidence, often as part of a larger body of evidence.” [text adapted from the 2nd WD]
This standard will complement ISO/IEC 27035, 27037, 27041 and 27043.
Status of the standard
A 2nd WD is available to SC27. The project team has agreed to align the terminology and approach between this standard and 27035, 27037, 27041 and 27043, but confirmed an earlier decision not to integrate this standard fully within 27037.