(국제표준) ISO/IEC 27037 INTERNATIONAL STANDARD

페이지 정보

작성자 관리자 댓글 0건 조회 1,721회 작성일 21-03-07 14:40

본문

Information technology — Security techniques — 
Guidelines for identification, collection, acquisition, and
preservation of digital evidence

ISO/IEC 27037:2012(E)

Foreword ............................................................................................................................................................. v
Introduction ...................................................................................................................................................... vi
1 Scope ..................................................................................................................................................... 1
2 Normative reference ............................................................................................................................ 1
3 Terms and definitions ......................................................................................................................... 2
4 Abbreviated terms ............................................................................................................................... 4
5 Overview ................................................................................................................................................ 6
5.1 Context for collecting digital evidence ........................................................................................... 6
5.2 Principles of digital evidence............................................................................................................ 6
5.3 Requirements for digital evidence handling .................................................................................. 6
5.3.1 General................................................................................................................................................... 6
5.3.2 Auditability ............................................................................................................................................ 7
5.3.3 Repeatability ......................................................................................................................................... 7
5.3.4 Reproducibility ..................................................................................................................................... 7
5.3.5 Justifiability .......................................................................................................................................... 7
5.4 Digital evidence handling processes .............................................................................................. 8
5.4.1 Overview ................................................................................................................................................ 8
5.4.2 Identification ......................................................................................................................................... 8
5.4.3 Collection .............................................................................................................................................. 9
5.4.4 Acquisition ............................................................................................................................................ 9
5.4.5 Preservation........................................................................................................................................ 10
6 Key components of identification, collection, acquisition and preservation of digital
evidence .............................................................................................................................................. 10
6.1 Chain of custody................................................................................................................................ 10
6.2 Precautions at the site of incident ................................................................................................. 11
6.2.1 General................................................................................................................................................. 11
6.2.2 Personnel ............................................................................................................................................ 11
6.2.3 Potential digital evidence ................................................................................................................ 12
6.3 Roles and responsibilities ............................................................................................................... 12
6.4 Competency ........................................................................................................................................ 13
6.5 Use reasonable care ......................................................................................................................... 13
6.6 Documentation ................................................................................................................................... 14
6.7 Briefing ................................................................................................................................................ 14
6.7.1 General................................................................................................................................................. 14
6.7.2 Digital evidence specific .................................................................................................................. 14
6.7.3 Personnel specific ............................................................................................................................. 15
6.7.4 Real-time incidents ........................................................................................................................... 15
6.7.5 Other briefing information ............................................................................................................... 15
6.8 Prioritizing collection and acquisition .......................................................................................... 16
6.9 Preservation of potential digital evidence.................................................................................... 17
6.9.1 Overview .............................................................................................................................................. 17
6.9.2 Preserving potential digital evidence ............................................................................................ 17
6.9.3 Packaging digital devices and potential digital evidence ......................................................... 17
6.9.4 Transporting potential digital evidence ........................................................................................ 18
7 Instances of identification, collection, acquisition and preservation .................................... 19
7.1 Computers, peripheral devices and digital storage media ....................................................... 19
7.1.1 Identification ....................................................................................................................................... 19
7.1.2 Collection ............................................................................................................................................ 21
ISO/IEC 27037:2012(E)
iv © ISO/IEC 2012 – All rights reserved
7.1.3 Acquisition ..........................................................................................................................................25
7.1.4 Preservation ........................................................................................................................................29
7.2 Networked devices ............................................................................................................................29
7.2.1 Identification .......................................................................................................................................29
7.2.2 Collection, acquisition and preservation ......................................................................................31
7.3 CCTV collection, acquisition and preservation ...........................................................................33
Annex A (informative) DEFR core skills and competency description ...................................................35
Annex B (informative) Minimum documentation requirements for evidence transfer .....................37
Bibliography ....................................................................................................................................................38