ISO/IEC 27043 — Information technology — Security techniques — Digital evidence investigation principles and processes (DRAFT)
The fundamental purpose of the digital forensics standards ISO/IEC 27037, 27041, 27042 and 27043 is to promote good practice methods and processes for forensic investigation of digital evidence. While individual investigators, organizations and jurisdictions may well retain certain methods, processes and controls, it is hoped that standardization will (eventually) lead to the adoption of similar if not identical approaches internationally, making it easier to compare, combine and contrast the results of such investigations even when performed by different people or organizations and potentially across different jurisdictions.
Scope and purpose
The standard will offer guidance on the forensic principles behind, and the processes involved in, investigating incidents.
It will provide “guidelines that encapsulate idealised models for common investigation processes across various investigation scenarios ... from pre-incident preparation ... to ... returning of evidence to be stored or disseminated. This includes any general advice and caveats on processes[,] and appropriate identification, collection, acquisition, preservation, analysis and presentation of [digital] evidence.” [text adapted from the 2nd Working Draft (WD)]
Status of the standard
The 2nd WD is available to SC27.