New IEC and ISO Standard for Credible Digital Evidence
The IEC (International Electrotechnical Commission), a standards body in electrotechnology, and ISO (International Organization for Standardization), through ISO/IEC JTC (Joint Technical Committee) 1: Information Technology, have released a new International Standard that will ensure the reliability and credibility of digital evidence. Such evidence is increasingly used in court cases and legal disputes due to the development of technology and the growth of cybercrime.
Digital proof can be gathered from computers, mobile phones, mobile navigation systems, digital still and video cameras, storage media (USBs, CDs, etc.) and other similar devices. The new standard, ISO/IEC 27037, Information technology – Security techniques – Guidelines for identification, collection, acquisition, and preservation of digital evidence, will ensure the integrity of such evidence for its admission in legal, disciplinary, and other actions.
Digital evidence is inherently fragile, as it may be easily altered, tampered with, or destroyed through improper handling or examination.
Decision-makers can rely on the standard to determine the credibility of digital evidence. It can also be used by organizations involved in protecting, analyzing, and presenting digital evidence, as well as by policy-making bodies creating and evaluating related procedures. The standard does not replace the specific legal requirements of any jurisdiction; it is intended to serve as practical guidance for investigations by DEFR (Digital Evidence First Responders) and DES (Digital Evidence Specialists).
ISO/IEC 27037 provides a harmonized and globally accepted methodology to safeguard the integrity and authenticity of digital evidence. It will facilitate the exchange of digital evidence between jurisdictions by making sure that requirements and procedures are consistent, recognizing that crime, and in particular cybercrime, increasingly takes place across borders. The new standard provides guidance to individuals involved in the identification, collection, acquisition, and preservation of potential digital evidence. These individuals include:
- Forensic laboratory managers
- DEFR (Digital Evidence First Responders)
- DES (Digital Evidence Specialists)
- Incident response specialists
ISO/IEC 27037 complements other ISO/IEC IT security standards, notably ISO/IEC 27001, which outlines an information security management system, and ISO/IEC 27002, which provides a code of practice for information security management. ISO/IEC 27037, Information technology – Security techniques – Guidelines for identification, collection, acquisition, and preservation of digital evidence, was developed by ISO/IEC JTC 1, SC (Subcommittee) 27: IT Security techniques.