ISO/IEC 27037:2012 信息技术 安全技术 数字证据的识别、连接、采集及保存指南

标准编号：ISO/IEC 27037:2012

中文名称：信息技术 安全技术 数字证据的识别、连接、采集及保存指南

英文名称：Information technology — Security techniques — Guidelines for identification, collection, acquisition and preservation of digital evidence

发布日期：2012-10

标准范围

ISO/IEC 27037:2012为处理数字证据的具体活动提供了指南，即识别、收集、获取和保存可能具有证据价值的潜在数字证据。它就整个数字证据处理过程中遇到的常见情况向个人提供指导，并协助组织的纪律程序和促进司法管辖区之间潜在数字证据的交换。ISO/IEC 27037:2012为以下器械和环境提供了指导:标准计算机中使用的数字存储介质，如硬盘驱动器、软盘、光盘和磁光盘、具有类似功能的数据设备，移动电话、个人数字助理(PDA)、个人电子设备(PED)、存储卡，移动导航系统、数码相机和摄像机（包括闭路电视），具有网络连接的标准计算机，基于TCP/IP和其他数字协议的网络，以及具有与上述类似功能的设备。以上设备列表是指示性列表，并非详尽无遗。

ISO/IEC 27037:2012 provides guidelines for specific activities in the handling of digital evidence, which are identification, collection, acquisition and preservation of potential digital evidence that can be of evidential value.It provides guidance to individuals with respect to common situations encountered throughout the digital evidence handling process and assists organizations in their disciplinary procedures and in facilitating the exchange of potential digital evidence between jurisdictions.ISO/IEC 27037:2012 gives guidance for the following devices and circumstances:

• Digital storage media used in standard computers like hard drives, floppy disks, optical and magneto optical disks, data devices with similar functions,
• Mobile phones, Personal Digital Assistants (PDAs), Personal Electronic Devices (PEDs), memory cards,
• Mobile navigation systems,
• Digital still and video cameras (including CCTV),
• Standard computer with network connections,
• Networks based on TCP/IP and other digital protocols, and
• Devices with similar functions as above.

标准预览图