CAN/CSA-ISO/IEC 27042:18
1 Scope
This International Standard provides guidance on the analysis and interpretation of digital evidence
in a manner which addresses issues of continuity, validity, reproducibility, and repeatability. It
encapsulates best practice for selection, design, and implementation of analytical processes and
recording sufficient information to allow such processes to be subjected to independent scrutiny
when required. It provides guidance on appropriate mechanisms for demonstrating proficiency and
competence of the investigative team.
Analysis and interpretation of digital evidence can be a complex process. In some circumstances, there
can be several methods which could be applied and members of the investigative team will be required
to justify their selection of a particular process and show how it is equivalent to another process used
by other investigators. In other circumstances, investigators may have to devise new methods for
examining digital evidence which has not previously been considered and should be able to show that
the method produced is “fit for purpose”.
Application of a particular method can influence the interpretation of digital evidence processed by
that method. The available digital evidence can influence the selection of methods for further analysis
of digital evidence which has already been acquired.
This International Standard provides a common framework, for the analytical and interpretational
elements of information systems security incident handling, which can be used to assist in the
implementation of new methods and provide a minimum common standard for digital evidence
produced from such activities.
OEN:
CSA
Langue:
English
Code(s) de l'ICS:
35.040
Statut:
Norme
Date de Publication:
2018-08-31
Numéro Standard:
CAN/CSA-ISO/IEC 27042:18