ISO/IEC 27042:2015
Information technology – Security techniques
Because the final outcome can be difficult to determine during the initial stages of the investigation, it is important that the investigation is carried out in a manner which is inherently reliable and which produces digital evidence which has reliable provenance.
This can be achieved by competent investigators using examinations which are composed of validated analytical processes, in which they are proficient, and ensuring that every item of digital evidence produced can be traced back to the source of potential digital evidence from which it is derived.
As discussed in ISO/IEC 27037:2012, proper recording of the chain of custody and processes applied to potential digital evidence helps to ensure that there can be no allegations that spoliation has occurred as a result of tampering by some unknown party. This is achieved by having rigorous and complete records of all processes applied in order to produce digital evidence from a source of potential digital evidence.
Use of contemporaneous notes is highly beneficial in this regard, as notes taken during the process tend to be more accurate than notes and records produced some time after the events which they describe.
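One way to keep such records so that every derived item traces back to its source and later alteration of a record is detectable, shown as an added example that is not part of the standard. The standard prescribes no mechanism: the hash-chained log, the field names and the tool names below are assumptions, and the byte strings are constructed sample data.

```python
import hashlib, json
from datetime import datetime, timezone

def _digest(entry):
    # Hash every field except the entry's own hash, in canonical JSON form.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record(log, process, tool, parents, data, note=""):
    """Append one record at the time of the process; returns the SHA-256 id of the item produced."""
    entry = {
        "item": hashlib.sha256(data).hexdigest(),
        "process": process, "tool": tool, "parents": list(parents), "note": note,
        "time": datetime.now(timezone.utc).isoformat(),
        "prev": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry["item"]

def verify_log(log):
    """True only if every record still matches its hash and links to its predecessor."""
    prev = "0" * 64
    for e in log:
        if e["prev"] != prev or e["entry_hash"] != _digest(e):
            return False
        prev = e["entry_hash"]
    return True

def trace_to_sources(log, item):
    """Follow parent links back to acquired sources; raise if any step is unrecorded."""
    by_item = {e["item"]: e for e in log}
    sources, todo, seen = set(), [item], set()
    while todo:
        cur = todo.pop()
        if cur in seen:
            continue
        seen.add(cur)
        if cur not in by_item:
            raise LookupError(f"no record for item {cur[:12]}")
        parents = by_item[cur]["parents"]
        todo.extend(parents) if parents else sources.add(cur)
    return sources

def demo():
    # Constructed three-step examination: acquisition, carving, keyword search.
    log = []
    image = record(log, "acquisition", "imager (hypothetical)", [], b"constructed disk image")
    carved = record(log, "file carving", "carver (hypothetical)", [image], b"constructed carved file")
    report = record(log, "keyword search", "searcher (hypothetical)", [carved], b"constructed hit list")
    return log, image, report
```

The chain detects edits, insertions and reordering of existing records; detecting removal of the most recent records additionally requires the latest `entry_hash` to be noted somewhere outside the log.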
Digital evidence which has been produced by methods which do not satisfy the principles of repeatability and reproducibility is highly susceptible to challenge and can call into question the competence and proficiency of the investigative team which uses them. While it may be necessary to devise new methods during an investigation, in order to address new technology or a previously unknown investigative need, the application of proper validation (see ISO/IEC 27041) can assist with demonstration that methods reliably and reproducibly produce results which satisfy an investigative need (see also Figure 1).
Investigators have a duty to ensure that they report their findings as fully and impartially as possible. In order to achieve this, a structured approach to investigation, which should be carried out by competent and proficient investigators, should be adopted with potential digital evidence sources being subjected to examinations, made up of individual analyses appropriate to the devices and data under investigation.
This structure is shown in Figure 3 and more detail of analysis, interpretation, reporting, competence and proficiency is given in the next clauses.