ISO/IEC 27037:2012 provides guidelines for specific activities in the handling of digital evidence, which are identification, collection, acquisition and preservation of potential digital evidence that can be of evidential value.
IEC 27037
There were no globally accepted standards on acquiring digital evidence before ISO/IEC 27037 was released. The police have created guidelines for acquiring, protecting, and preserving electronic evidence. Having said that, when transnational crimes are committed, it can be difficult to present the forensic evidence obtained in one country in another. The evidence that was obtained or protected without requisite security may be technically inadmissible.
A new ISO/IEC standard (27037) is in its final development stages which will aim to supply guidelines for identification, acquisition, collection and preservation of digital evidence. It is part of the 27k series, dealing with Information technology security techniques. Its publication is expected inthe second half of 2012; it is now at the Draft International Standard stage.
La ISO/IEC 27037:2012 no aborda los procedimientos legales, procedimientos disciplinarios y otras acciones relacionadas con el inadecuado manejo de la evidencia digital; se entiende que la aplicación de esta norma internacional exige además el cumplimiento de las leyes, normas y reglamentos nacionales. No sustituye los requisitos legales específicos de cualquier jurisdicción.
So, what happened? Accredia extended the idea behind standards like ISO/IEC 27017 and ISO/IEC 27018 (written for extending the controls of a statement of applicability, also in the context of an ISO/IEC 27001 certification) to standards very differently written, such as ISO/IEC 27035 and ISO/IEC 27037.
ISO/IEC 27037:2012 provides guidelines for specific activities in the handling of digital evidence, which are identification, collection, acquisition and preservation of potential digital evidence that can be of evidential value.It provides guidance to individuals with respect to common situations encountered throughout the digital evidence handling process and assists organizations in their disciplinary procedures and in facilitating the exchange of potential digital evidence between jurisdictions.ISO/IEC 27037:2012 gives guidance for the following devices and circumstances:- Digital storage media used in standard computers like hard drives, floppy disks, optical and magneto optical disks, data devices with similar functions,- Mobile phones, Personal Digital Assistants (PDAs), Personal Electronic Devices (PEDs), memory cards,- Mobile navigation systems,- Digital still and video cameras (including CCTV),- Standard computer with network connections,- Networks based on TCP/IP and other digital protocols, and- Devices with similar functions as above.The above list of devices is an indicative list and not exhaustive.
ISO/IEC 27037 is technology and jurisdictional neutral, and does not recommend any specific product. A digital evidence handled in accordance with international standard ISO 27037 provides a kind of assurance to any court that irrespective of the fact that who and from which country such evidence is collected, it has maintained its evidentiary value. The standard does not supersede the national laws but add to the procedural aspects of handling of digital evidences. This also means that an accused in his defence can show the court that the investigators have not followed the procedures given in the ISO/IEC 27037, hence the electronic evidence has lost is evidentiary value, because the standard is based on the least common denominator of electronic evidence handling and anything short can have an impact on the weight of electronic evidence. Interestingly there is a British Standard BS 10008 which deals with the evidential weight and legal admissibility of the electronic information.
ISO/IEC 27037 being an internationally accepted standard is an important instrument to provide reliable standardised approach towards handling of digital evidences and will have impact on admissibility and reliability of evidence in any court proceeding. It is therefore necessary that all investigating officers must familiarise themselves with the bare minimum requirements which must be met in respect of handling of digital evidences to be acceptable in any court of the world. This can be very critical especially in handling issues related to terrorism, money laundering, drug trafficking and other trans-national crimes.
Lo standard è internazionale, quindi non esiste uno standard ISO 27037 italiano ma va contestualizzato il documento valido a livello internazionale sulla base delle norme vigenti nel nostro ordinamento.
Nello svolgimento delle proprie consulenze tecniche, BIT4LAW segue un rigoroso processo metodologico basato sullo standard ISO 27037, potendo in questo modo garantire la correttezza delle operazioni svolte e il rispetto delle migliori prassi tecniche.
Por fim, foram descritos neste artigo os principais pontos de interesse na Norma ABNT ISO/IEC 27037:2013. É fortemente indicado a leitura do seu conteúdo na íntegra, uma vez que aqui foi apresentado apenas um breve resumo. 2ff7e9595c
Comments