ImageVerifierCode 换一换
格式:PDF , 页数:47 ,大小:2.75MB ,
资源ID:682861      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-682861.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(DIN EN ISO IEC 27037-2016 Information technology - Security techniques - Guidelines for identification collection acquisition and preservation of digital evidence (ISO IEC 27037 20.pdf)为本站会员(eventdump275)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

DIN EN ISO IEC 27037-2016 Information technology - Security techniques - Guidelines for identification collection acquisition and preservation of digital evidence (ISO IEC 27037 20.pdf

1、December 2016 English price group 20No part of this translation may be reproduced without prior permission ofDIN Deutsches Institut fr Normung e. V., Berlin. Beuth Verlag GmbH, 10772 Berlin, Germany,has the exclusive right of sale for German Standards (DIN-Normen).ICS 35.030!%X“2599153www.din.deDIN

2、EN ISO/IEC 27037Information technology Security techniques Guidelines for identification, collection, acquisition and preservation of digital evidence (ISO/IEC 27037:2012);English version EN ISO/IEC 27037:2016,English translation of DIN EN ISO/IEC 27037:2016-12Informationstechnik ITSicherheitsverfah

3、ren Leitfaden fr die Identifikation, Mitnahme, Sicherung und Erhaltung digitaler Beweismittel (ISO/IEC 27037:2012);Englische Fassung EN ISO/IEC 27037:2016,Englische bersetzung von DIN EN ISO/IEC 27037:2016-12Technologies de linformation Techniques de scurit Lignes directrices pour lidentification, l

4、a collecte, lacquisition et la prservation de preuves numriques (ISO/IEC 27037:2012);Version anglaise EN ISO/IEC 27037:2016,Traduction anglaise de DIN EN ISO/IEC 27037:2016-12www.beuth.deDocument comprises 47 pagesDTranslation by DIN-Sprachendienst.In case of doubt, the German-language original shal

5、l be considered authoritative.01.17 DIN EN ISO/IEC 27037:2016-12 2 A comma is used as the decimal marker. National foreword This document (EN ISO/IEC 27037:2016) has been prepared by Joint Technical Committee ISO/IEC JTC 1 “Information technology”, Subcommittee SC 27 “IT Security techniques” (Secret

6、ariat: DIN, Germany). Based on a decision of CEN/BT, ISO/IEC 27037:2012 has been submitted to the Unique Acceptance Procedure (UAP) and taken over as EN ISO/IEC 27037:2016 without any modification. The responsible German body involved in its preparation was DIN-Normenausschuss Informationstechnik un

7、d Anwendungen (DIN Standards Committee Information Technology and selected IT Applications), Working Committee NA 043-01-27-04 AK IT-Sicherheitsmanahmen und Dienste. The DIN Standard corresponding to the International Standard referred to in this document is as follows: ISO/IEC 27000 E DIN ISO/IEC 2

8、7000*)National Annex NA (informative) Bibliography E DIN ISO/IEC 27000, Information technology Security techniques Information security management systems Overview and vocabulary *)Under preparation. EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN ISO/IEC 27037 August 2016 ICS 35.040 English Ve

9、rsion Information technology - Security techniques - Guidelines for identification, collection, acquisition and preservation of digital evidence (ISO/IEC 27037:2012) Technologies de linformation - Techniques de scurit - Lignes directrices pour lidentification, la collecte, lacquisition et la prserva

10、tion de preuves numriques (ISO/IEC 27037:2012) Informationstechnik - IT-Sicherheitsverfahren - Leitfaden fr die Identifikation, Mitnahme, Sicherung und Erhaltung digitaler Beweismittel(ISO/IEC27037:2012) This European Standard was approved by CEN on 19 June 2016. CEN and CENELEC members are bound to

11、 comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CE

12、NELEC Management Centre or to any CEN and CENELEC member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC

13、 Management Centre has the same status as the official versions. CEN and CENELEC members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Irel

14、and, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Cen

15、tre: Avenue Marnix 17, B-1000 Brussels 2016 CEN and CENELEC All rights of exploitation in any form and by any means reserved worldwide for CEN and CENELEC national Members. Ref. No. EN ISO/IEC 27037:2016 E Contents Page European foreword . 4 Introduction . 6 1 Scope . 8 2 Normative reference 8 3 Ter

16、ms and definitions . 9 4 Abbreviated terms . 11 5 Overview 13 5.1 Context for collecting digital evidence . 13 5.2 Principles of digital evidence 13 5.3 Requirements for digital evidence handling 13 5.3.1 General. 13 5.3.2 Auditability 14 5.3.3 Repeatability . 14 5.3.4 Reproducibility . 14 5.3.5 Jus

17、tifiability 14 5.4 Digital evidence handling processes 15 5.4.1 Overview 15 5.4.2 Identification . 15 5.4.3 Collection 16 5.4.4 Acquisition 16 5.4.5 Preservation 17 6 Key components of identification, collection, acquisition and preservation of digital evidence 17 6.1 Chain of custody 17 6.2 Precaut

18、ions at the site of incident . 18 6.2.1 General. 18 6.2.2 Personnel 18 6.2.3 Potential digital evidence 19 6.3 Roles and responsibilities . 19 6.4 Competency 20 6.5 Use reasonable care . 20 6.6 Documentation . 21 6.7 Briefing 21 6.7.1 General. 21 6.7.2 Digital evidence specific 21 6.7.3 Personnel sp

19、ecific . 22 6.7.4 Real-time incidents . 22 6.7.5 Other briefing information . 22 6.8 Prioritizing collection and acquisition 23 6.9 Preservation of potential digital evidence 24 6.9.1 Overview 24 6.9.2 Preserving potential digital evidence 24 6.9.3 Packaging digital devices and potential digital evi

20、dence . 24 6.9.4 Transporting potential digital evidence 25 DIN EN ISO/IEC 27037:2016-12 EN ISO/IEC 27037:2016 (E)2Foreword . 5 7.1.3 Acquisition 32 7.1.4 Preservation 36 7.2 Networked devices 36 7.2.1 Identification .36 7.2.2 Collection, acquisition and preservation 38 7.3 CCTV collection, acquisit

21、ion and preservation .40 Annex A (informative) DEFR core skills and competency description .42 Annex B (informative) Minimum documentation requirements for evidence transfer .44 Bibliography 45 DIN EN ISO/IEC 27037:2016-12 EN ISO/IEC 27037:2016 (E) 37 Instances of identification, collection, acquisi

22、tion and preservation 26 7.1 Computers, peripheral devices and digital storage media . 26 7.1.1 Identification . 26 7.1.2 Collection 28 European foreword The text of ISO/IEC 27037:2012 has been prepared by Technical Committee ISO/IEC JTC 1 “Information technology” of the International Organization f

23、or Standardization (ISO) and the International Electrotechnical Commission (IEC) and has been taken over as EN ISO/IEC 27037:2016. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by February 2017, an

24、d conflicting national standards shall be withdrawn at the latest by February 2017. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. Ac

25、cording to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germa

26、ny, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. Endorsement notice The text of ISO/IEC 27037:2012 has been approved by CEN as EN ISO/IEC

27、27037:2016 without any modification. DIN EN ISO/IEC 27037:2016-12 EN ISO/IEC 27037:2016 (E)4 Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are m

28、embers of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international

29、organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the IS

30、O/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least

31、75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 27037 was prepared by Joint Technical Com

32、mittee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. DIN EN ISO/IEC 27037:2016-12 EN ISO/IEC 27037:2016 (E) 5 Introduction This International Standard provides guidelines for specific activities in handling potential digital evidence; these processes are: identif

33、ication, collection, acquisition and preservation of potential digital evidence. These processes are required in an investigation that is designed to maintain the integrity of the digital evidence an acceptable methodology in obtaining digital evidence that will contribute to its admissibility in le

34、gal and disciplinary actions as well as other required instances. This International Standard also provides general guidelines for the collection of non-digital evidence that may be helpful in the analysis stage of the potential digital evidence. This International Standard intends to provide guidan

35、ce to those individuals responsible for the identification, collection, acquisition and preservation of potential digital evidence. These individuals include Digital Evidence First Responders (DEFRs), Digital Evidence Specialists (DESs), incident response specialists and forensic laboratory managers

36、. This International Standard ensures that responsible individuals manage potential digital evidence in practical ways that are acceptable worldwide, with the objective to facilitate investigation involving digital devices and digital evidence in a systematic and impartial manner while preserving it

37、s integrity and authenticity. This International Standard also intends to inform decision-makers who need to determine the reliability of digital evidence presented to them. It is applicable to organizations needing to protect, analyze and present potential digital evidence. It is relevant to policy

38、-making bodies that create and evaluate procedures relating to digital evidence, often as part of a larger body of evidence. The potential digital evidence referred to in this International Standard may be sourced from different types of digital devices, networks, databases, etc. It refers to data t

39、hat is already in a digital format. This International Standard does not attempt to cover the conversion of analog data into digital format. Due to the fragility of digital evidence, it is necessary to carry out an acceptable methodology to ensure the integrity and authenticity of the potential digi

40、tal evidence. This International Standard does not mandate the use of particular tools or methods. Key components that provide credibility in the investigation are the methodology applied during the process, and individuals qualified in performing the tasks specified in the methodology. This Interna

41、tional Standard does not address the methodology for legal proceedings, disciplinary procedures and other related actions in handling potential digital evidence that are outside the scope of identification, collection, acquisition and preservation. Application of this International Standard requires

42、 compliance with national laws, rules and regulations. It should not replace specific legal requirements of any jurisdiction. Instead, it may serve as a practical guideline for any DEFR or DES in investigations involving potential digital evidence. It does not extend to the analysis of digital evide

43、nce and it does not replace jurisdiction-specific requirements that pertain to matters such as admissibility, evidential weighting, relevance and other judicially controlled limitations on the use of potential digital evidence in courts of law. This International Standard may assist in the facilitat

44、ion of potential digital evidence exchange between jurisdictions. In order to maintain the integrity of the digital evidence, users of this International Standard are required to adapt and amend the procedures described in this International Standard in accordance with the specific jurisdictions leg

45、al requirements for evidence. Although this International Standard does not include forensic readiness, adequate forensic readiness can largely support the identification, collection, acquisition, and preservation process of digital evidence. Forensic readiness is the achievement of an appropriate l

46、evel of capability by an organization in order for it to be able to identify, collect, acquire, preserve, protect and analyze digital evidence. Whereas the processes and activities described in this International Standard are essentially reactive measures used to investigate an incident after it occ

47、urred, forensic readiness is a proactive process of attempting to plan for such events. DIN EN ISO/IEC 27037:2016-12 EN ISO/IEC 27037:2016 (E)6 This International Standard complements ISO/IEC 27001 and ISO/IEC 27002, and in particular the control requirements concerning potential digital evidence ac

48、quisition by providing additional implementation guidance. In addition, this International Standard will have applications in contexts independent of ISO/IEC 27001 and ISO/IEC 27002. This International Standard should be read in conjunction with other standards related to digital evidence and the investigation of information security incidents. DIN EN ISO/IEC 27037:2016-12 EN ISO/IEC 27037:2016 (E) 7 1 Scope This International Standard provides guidel

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1