ISO/IEC INTERNATIONAL STANDARD 27037 First edition 2012-10-15 Information technology Security techniques Guidelines for identification, collection, acquisition, and preservation of digital evidence Technologies de Iinformation - Techniques de sécurite - Lignes directrices pour I'identification, la collecte, I'acquisition et la préservation depreuvesnumeriques Reference number ISO/IEC 27037:2012(E) 'so IEC @ISO/IEC2012 y IHS under ted without license from IHS Not for Resale ISO/IEC 27037:2012(E) COPYRIGHTPROTECTEDDOCUMENT ISO/IEC2012 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either isO at the address below or IsO's memberbody in the country of the requester. ISO copyright office Case postale 56. CH-1211 Geneva 20 Tel. + 4122749 01 11 Fax + 41 22 749 09 47 E-mail copyright@iso.org Web www.iso.org Published in Switzerland @ ISO/IEC 2012 - All rights reserved py IHS unde permitted without license from IHS Not for Resale ISO/IEC 27037:2012(E) Contents Page Foreword Introduction 1 Scope 2 Normative reference.. 3 Terms and definitions. 4 Abbreviated terms. 5 Overview..... 5.1 Context for collecting digital evidence ... 5.2 5.3 5.3.1 General.. 5.3.2 Auditability. 5.3.3 Repeatability. 5.3.4 Reproducibility 5.3.5 Justifiability 5.4 Digital evidence handling processes . 5.4.1 5.4.2 Identification.. 5.4.3 Collection. 5.4.4 Acquisition.... 5.4.5 Preservation. 6 Key components of identification, collection, acquisition and preservation of digital evidence ... ..10 6.1 Chain of custody.. 10 6.2 Precautions at the site of incident....... 11 6.2.1 General.. 11 6.2.2 Personnel 11 6.2.3 Potential digital evidence 6.3 6.4 Competency 6.5 Use reasonable care 6.6 Documentation 14 6.7 Briefing 14 6.7.1 General. 14 6.7.2 Digital evidence specific 14 6.7.3 Personnel specific...... 6.7.4 Real-timeincidents 15 6.7.5 Other briefing information .. 15 6.8 Prioritizing collection and acquisition ...... 16 6.9 Preservation of potential digital evidence.... 6.9.1 Overview... 17 6.9.2 Preserving potential digital evidence. 6.9.3 Packaging digital devices and potential digital evidence. 6.9.4 Transporting potential digital evidence... 18 7 Instances of identification, collection, acquisition and preservation ... 7.1 Computers, peripheral devices and digitai storage media ... 19 7.1.1 19 7.1.2 Collection ... ili Copyright International Organizaion for Standardization All rights reserved ted without license from IHS Not for Resale

.pdf文档 ISO IEC 27037 2012 Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence

文档预览
中文文档 49 页 50 下载 1000 浏览 0 评论 309 收藏 3.0分
温馨提示:本文档共49页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
ISO IEC 27037 2012 Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence 第 1 页 ISO IEC 27037 2012 Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence 第 2 页 ISO IEC 27037 2012 Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence 第 3 页
下载文档到电脑,方便使用
本文档由 人生无常 于 2024-08-31 16:22:28上传分享
站内资源均来自网友分享或网络收集整理,若无意中侵犯到您的权利,敬请联系我们微信(点击查看客服),我们将及时删除相关资源。