Menu
A+ A A-

Guilty or not? ISO/IEC standard for credible digital evidence

  • Hits: 3102
Share

An ISO/IEC International Standard ensures the reliability and credibility of digital evidence, which is increasingly used in court cases and legal disputes due to the development of technology and the growth of cybercrime.

 

Digital proof can be gathered from computers, mobile phones, mobile navigation systems, digital still and video cameras, storage media (USBs, CDs, etc.) and other similar devices. The standard, ISO/IEC 27037:2012, Information technology – Security techniques – Guidelines for identification, collection, acquisition, and preservation of digital evidence, ensure the integrity of such evidence for its admission in legal, disciplinary and other actions.

Digital evidence is inherently fragile, as it may be easily altered, tampered with or destroyed through improper handling or examination. ISO/IEC 27037 provides a harmonized and globally accepted methodology to safeguard its integrity and authenticity. Just as importantly as crime, and in particular cybercrime, increasingly takes place across borders, ISO/IEC 27037 facilitates the exchange of digital evidence between jurisdictions by making sure that requirements and procedures are consistent.

ISO/IEC 27037 provides guidance to individuals involved in the identification, collection, acquisition and preservation of potential digital evidence such as:

  • Digital Evidence First Responders (DEFR)
  • Digital Evidence Specialists (DES)
  • Incident response specialists
  • Forensic laboratory managers

Decision-makers can rely on the standard to determine the credibility of digital evidence. It can also be used by organizations involved in protecting, analyzing and presenting digital evidence, as well as policy-making bodies creating and evaluating related procedures. The standard does not replace specific legal requirements of any jurisdiction, but is rather intended to serve as practical guidance in DEFR and DES investigations.

ISO/IEC 27037 complements other ISO/IEC IT security standards, notably ISO/IEC 27001 which outlines an information security management system and ISO/IEC 27002 which provides a code of practice for information security management.

ISO/IEC 27037:2012, Information technology – Security techniques – Guidelines for identification, collection, acquisition, and preservation of digital evidence, was developed by joint technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT Security techniques.

Article & Image Credits: ISOorg

Share

Contact

Papaflessa 119 Piraeus 185.46, Greece
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Web: www.sqss.gr