ISO/IEC INTERNATIONAL STANDARD 27042 First edition 2015-06-15 Information technology Security techniques Guidelines for the analysis and interpretation of digital evidence Technologies de I'information-Techniquesde sécurite-Lignes directricespourI'analyse et I'interprétation de preuves numeriques Reference number IS0/IEC27042:2015(E) TEC ISO @IS0/IEC2015 Copyright Intermafional Organization for Standardization rovided by IHS under lic Be with ISO IS0/IEC27042:2015(E) COPYRIGHTPROTECTEDDOCUMENT IS0/IEC 2015,Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,or posting on the internet or an intranet,without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8. CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 [email protected] www.iso.org rovided by IHS under networking permited without licanse from IHS Not for Resale, 12/25/2015 20:37:39 MST IS0/IEC27042:2015(E) Contents Page Foreword ..iv Introduction. .. 1 Scope. 2 Normative references 3 Terms and definitions 4 Symbols and abbreviated terms ..4 5 .4 Investigation 5.1 Overview .4 5.2 Continuity. .5 5.3 Repeatability and reproducibility .5 5.4 Structured approach .5 5.5 Uncertainty. .6 Analvsis .7 6 6.1 Overview. 6.2 General principles .7 6.3 Use oftools .8 6.4 Record keeping 8 ..8 7 Analytical models 7.1 Static analysis ..8 7.2 Live analysis .8 7.2.1 Overview .8 7.2.2 Liveanalysisof non-imageableand non-copyablesystems. .9 7.2.3 Live analysis of imageableor copyable systems. .9 8 Interpretation .9 8.1 General .9 8.2 Accreditation of fact. .9 8.3 Factorsaffectinginterpretation .10 Reporting. 9 .10 9.1 Preparation .10 9.2 Suggested report content .10 10 Competence. .11 10.1 Overview .11 10.2 Demonstration of competence .11 10.3 Recording competence ..11 11 Proficiency .12 11.1 Overview. ..12 11.2 Mechanismsfor demonstration of proficiency ..12 AnnexA(informative)ExamplesofCompetenceandProficiencySpecifications .13 Bibliography ..14 ili ed without license from IHS Not for Resale, 12/25/2015 20:37:39 MST