Information technology - Security techniques - Guidelines for the analysis and interpretation of digital evidence (ISO/IEC 27042:2015)

This International Standard provides guidance on the analysis and interpretation of digital evidence
in a manner which addresses issues of continuity, validity, reproducibility, and repeatability. It
encapsulates best practice for selection, design, and implementation of analytical processes and
recording sufficient information to allow such processes to be subjected to independent scrutiny
when required. It provides guidance on appropriate mechanisms for demonstrating proficiency and
competence of the investigative team.
Analysis and interpretation of digital evidence can be a complex process. In some circumstances, there
can be several methods which could be applied and members of the investigative team will be required
to justify their selection of a particular process and show how it is equivalent to another process used
by other investigators. In other circumstances, investigators may have to devise new methods for
examining digital evidence which has not previously been considered and should be able to show that
the method produced is “fit for purpose”.
Application of a particular method can influence the interpretation of digital evidence processed by
that method. The available digital evidence can influence the selection of methods for further analysis
of digital evidence which has already been acquired.
This International Standard provides a common framework, for the analytical and interpretational
elements of information systems security incident handling, which can be used to assist in the
implementation of new methods and provide a minimum common standard for digital evidence
produced from such activities.

Informationstechnik - IT-Sicherheitsverfahren - Leitfaden für die Analyse und Interpretation digitaler Beweismittel (ISO/IEC 27042:2015)

Technologies de l'information - Techniques de sécurité - Lignes directrices pour l'analyse et l'interprétation de preuves numériques (ISO/IEC 27042:2015)

Informacijska tehnologija - Varnostne tehnike - Smernice za analizo in tolmačenje digitalnih dokazov (ISO/IEC 27042:2015)

This International Standard provides guidance on the analysis and interpretation of digital evidence in a manner that addresses issues of continuity, verification, reproducibility, and repeatability. It includes best practices for the selection, design, and implementation of analytical processes and for recording sufficient information so that such processes can be subjected to careful scrutiny when required. It provides guidance on appropriate mechanisms for demonstrating the proficiency and competence of the investigative team.
The analysis and interpretation of digital evidence can be a complex process. In some circumstances, several methods can be applied, and members of the investigative team must then justify their selection of a particular process and show that it is equivalent to another process used by other investigators. In other circumstances, investigators may devise new methods for examining digital evidence that have not previously been used, and should show that the method devised is "fit for use".
The application of a particular method can influence the interpretation of digital evidence processed by that method. The available digital evidence can influence the selection of methods for further analysis of digital evidence that has already been acquired.
This International Standard provides a general framework for the analytical and interpretative elements of information security incident handling; it can be used to assist in the implementation of new methods and provides a minimum common standard for digital evidence produced from such activities.

General Information

Status: Published
Publication Date: 23-Aug-2016
Withdrawal Date: 27-Feb-2017
Current Stage: 6060 - Definitive text made available (DAV) - Publishing
Start Date: 24-Aug-2016
Due Date: 02-Sep-2017
Completion Date: 24-Aug-2016

Standard: EN ISO/IEC 27042:2017 (English language, 25 pages)

Standards Content (Sample)


SLOVENIAN STANDARD
01-January-2017
Informacijska tehnologija - Varnostne tehnike - Smernice za analizo in tolmačenje digitalnih dokazov (ISO/IEC 27042:2015)
Information technology - Security techniques - Guidelines for the analysis and
interpretation of digital evidence (ISO/IEC 27042:2015)
Informationstechnik - IT-Sicherheitsverfahren - Leitfaden für die Analyse und
Interpretation digitaler Beweismittel (ISO/IEC 27042:2015)
Technologies de l'information - Techniques de sécurité - Lignes directrices pour l'analyse
et l'interprétation de preuves numériques (ISO/IEC 27042:2015)
This Slovenian standard is identical to: EN ISO/IEC 27042:2016
ICS: 35.030 IT Security
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.

EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM
EN ISO/IEC 27042
August 2016
ICS 35.040
English Version
Information technology - Security techniques - Guidelines
for the analysis and interpretation of digital evidence
(ISO/IEC 27042:2015)
Technologies de l'information - Techniques de sécurité - Lignes directrices pour l'analyse et l'interprétation de preuves numériques (ISO/IEC 27042:2015)
Informationstechnik - IT-Sicherheitsverfahren - Leitfaden für die Analyse und Interpretation digitaler Beweismittel (ISO/IEC 27042:2015)
This European Standard was approved by CEN on 19 June 2016.

CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions
for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.

CEN and CENELEC members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2016 CEN and CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN and CENELEC national Members.
Ref. No. EN ISO/IEC 27042:2016 E
European foreword
The text of ISO/IEC 27042:2015 has been prepared by Technical Committee ISO/IEC JTC 1 “Information
technology” of the International Organization for Standardization (ISO) and the International
Electrotechnical Commission (IEC) and has been taken over as EN ISO/IEC 27042:2016.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by February 2017, and conflicting national standards
shall be withdrawn at the latest by February 2017.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent
rights.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta,
Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.
Endorsement notice
The text of ISO/IEC 27042:2015 has been approved by CEN as EN ISO/IEC 27042:2016 without any
modification.
INTERNATIONAL STANDARD
ISO/IEC 27042
First edition
2015-06-15
Information technology — Security techniques — Guidelines for the analysis and interpretation of digital evidence
Technologies de l’information — Techniques de sécurité — Lignes directrices pour l’analyse et l’interprétation de preuves numériques
Reference number
ISO/IEC 27042:2015(E)
© ISO/IEC 2015
© ISO/IEC 2015, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Investigation
5.1 Overview
5.2 Continuity
5.3 Repeatability and reproducibility
5.4 Structured approach
5.5 Uncertainty
6 Analysis
6.1 Overview
6.2 General principles
6.3 Use of tools
6.4 Record keeping
7 Analytical models
7.1 Static analysis
7.2 Live analysis
7.2.1 Overview
7.2.2 Live analysis of non-imageable and non-copyable systems
7.2.3 Live analysis of imageable or copyable systems
8 Interpretation
8.1 General
8.2 Accreditation of fact
8.3 Factors affecting interpretation
9 Reporting
9.1 Preparation
9.2 Suggested report content
10 Competence
10.1 Overview
10.2 Demonstration of competence
10.3 Recording competence
11 Proficiency
11.1 Overview
11.2 Mechanisms for demonstration of proficiency
Annex A (informative) Examples of Competence and Proficiency Specifications
Bibliography

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical
activity. ISO and IEC technical committees collaborate in field
...
