ISO/IEC 27042:2015 Information technology, Security techniques, Guidelines for the analysis and interpretation of digital evidence

Standard number: ISO/IEC 27042:2015

Chinese title: 信息技术 安全技术 数字证据的分析和解释指南

English title: Information technology — Security techniques — Guidelines for the analysis and interpretation of digital evidence

Publication date: 2015-06

Scope

ISO/IEC 27042:2015 provides guidance on the analysis and interpretation of digital evidence in a manner which addresses issues of continuity, validity, reproducibility, and repeatability. It encapsulates best practice for selection, design, and implementation of analytical processes and recording sufficient information to allow such processes to be subjected to independent scrutiny when required. It provides guidance on appropriate mechanisms for demonstrating proficiency and competence of the investigative team.

Analysis and interpretation of digital evidence can be a complex process. In some circumstances, there can be several methods which could be applied and members of the investigative team will be required to justify their selection of a particular process and show how it is equivalent to another process used by other investigators. In other circumstances, investigators may have to devise new methods for examining digital evidence which has not previously been considered and should be able to show that the method produced is "fit for purpose".

Application of a particular method can influence the interpretation of digital evidence processed by that method. The available digital evidence can influence the selection of methods for further analysis of digital evidence which has already been acquired.

ISO/IEC 27042:2015 provides a common framework, for the analytical and interpretational elements of information systems security incident handling, which can be used to assist in the implementation of new methods and provide a minimum common standard for digital evidence produced from such activities.
