Guilty or not? ISO/IEC standard for credible digital evidence

21 Oct 2013 07:29
Hits: 3103

An ISO/IEC International Standard ensures the reliability and credibility of digital evidence, which is increasingly used in court cases and legal disputes due to the development of technology and the growth of cybercrime.

Digital proof can be gathered from computers, mobile phones, mobile navigation systems, digital still and video cameras, storage media (USBs, CDs, etc.) and other similar devices. The standard, ISO/IEC 27037:2012, Information technology – Security techniques – Guidelines for identification, collection, acquisition, and preservation of digital evidence, ensure the integrity of such evidence for its admission in legal, disciplinary and other actions.

Digital evidence is inherently fragile, as it may be easily altered, tampered with or destroyed through improper handling or examination. ISO/IEC 27037 provides a harmonized and globally accepted methodology to safeguard its integrity and authenticity. Just as importantly as crime, and in particular cybercrime, increasingly takes place across borders, ISO/IEC 27037 facilitates the exchange of digital evidence between jurisdictions by making sure that requirements and procedures are consistent.

ISO/IEC 27037 provides guidance to individuals involved in the identification, collection, acquisition and preservation of potential digital evidence such as:

Digital Evidence First Responders (DEFR)
Digital Evidence Specialists (DES)
Incident response specialists
Forensic laboratory managers

Decision-makers can rely on the standard to determine the credibility of digital evidence. It can also be used by organizations involved in protecting, analyzing and presenting digital evidence, as well as policy-making bodies creating and evaluating related procedures. The standard does not replace specific legal requirements of any jurisdiction, but is rather intended to serve as practical guidance in DEFR and DES investigations.

ISO/IEC 27037 complements other ISO/IEC IT security standards, notably ISO/IEC 27001 which outlines an information security management system and ISO/IEC 27002 which provides a code of practice for information security management.

ISO/IEC 27037:2012, Information technology – Security techniques – Guidelines for identification, collection, acquisition, and preservation of digital evidence, was developed by joint technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT Security techniques.

Article & Image Credits: ISOorg

Guilty or not? ISO/IEC standard for credible digital evidence

Creating a Culture of Compliance Across Your Supply Chain

#WaterIs... standards!

15 THINGS YOU MUST KNOW ABOUT THE UPCOMING ISO 9001 REVISION

A Closer Look At The Skills Gap

A Galactic Lesson in Quality

A matter of trust - Conformity assessment in a more complex world

A measure of confidence - How standards build trust in weights and measures

A new way of looking at the cause and effect diagram

A resilient world within our reach

A standard for improving communities reaches final stage

A standard to facilitate the daily life of the financial services industry

A Step Forward

According to Plan

Adapting to Troubled Times

Additional support to financial services thanks to ISO/IEC

Adventure tourism - More excitement, less risk

African water benefits from standards

Ahead in the Count

Apples to Oranges?

Are consumers safe in the digital age?

Contact

Company

Certifications

Follow us