ISO/IEC 27050-3
ISO/IEC 27050-3:2020 — Information technology — Security techniques — Electronic discovery — Part 3: Code of practice for electronic discovery
(second edition)
Abstract
ISO/IEC 27050 part 3 “provides requirements and recommendations on activities in electronic discovery, including, but not limited to, identification, preservation, collection, processing, review, analysis and production of electronically stored information (ESI). In addition, this document specifies relevant measures that span the lifecycle of the ESI from its initial creation through to final disposition. [Part 3] is relevant to both non-technical and technical personnel involved in some or all of the electronic discovery activities. It is important to note that the user is expected to be aware of any applicable jurisdictional requirements.”
[Source: ISO/IEC 27050-3:2020]
Introduction
Part 3 identifies requirements and offers guidance on the seven main steps of eDiscovery noted in part 1 i.e. ESI:
Identification - what information from/at a crime scene might be relevant and useful?
Preservation - starting the chain of evidence.
Collection - removing physical media etc,
Processing - forensic bit-copies.
Review - searching evidence for relevant info.
Analysis - picking out the most weighty bits for court.
Production - preparing the evidence+analysis to present in court.
Scope
The structured processes involving Electronically Stored Information.
Structure
Main sections:
5: Electronic discovery background
6: Electronic discovery requirements and guidance
Status
The first edition of part 3 was published in 2017.
The second edition was published in 2020.
Commentary
Part 3 is, essentially, a basic, generic how-to-do-it guide laying out the key elements that will no doubt form the basis of many digital forensics manuals.
While full-time forensics specialists have their own well-practiced procedures, training, forms, tools etc., corporate information security pro's who only get involved occasionally in this area may benefit from preparing the basics to get the process started properly, even if the decision is made to call in eForensics specialists. If things get fouled up at the beginning, they are unlikely to be recoverable later on, compromising potentially valid cases.