{"id":349974,"date":"2024-10-20T00:39:44","date_gmt":"2024-10-20T00:39:44","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-iso-iec-270432016\/"},"modified":"2024-10-26T00:23:46","modified_gmt":"2024-10-26T00:23:46","slug":"bs-en-iso-iec-270432016","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-iso-iec-270432016\/","title":{"rendered":"BS EN ISO\/IEC 27043:2016"},"content":{"rendered":"
This International Standard provides guidelines based on idealized models for common incident investigation processes across various incident investigation scenarios involving digital evidence. This includes processes from pre-incident preparation through investigation closure, as well as any general advice and caveats on such processes. The guidelines describe processes and principles applicable to various kinds of investigations, including, but not limited to, unauthorized access, data corruption, system crashes, or corporate breaches of information security, as well as any other digital investigation.<\/p>\n
In summary, this International Standard provides a general overview of all incident investigation principles and processes without prescribing particular details within each of the investigation principles and processes covered in this International Standard. Many other relevant International Standards, where referenced in this International Standard, provide more detailed content of specific investigation principles and processes.<\/p>\n
PDF Pages | PDF Title
---|---
7 | Foreword
8 | Introduction
13 | 1 Scope; 2 Normative references; 3 Terms and definitions
15 | 4 Symbols and abbreviated terms
16 | 5 Digital investigations; 5.1 General principles; 5.2 Legal principles
17 | 6 Digital investigation processes; 6.1 General overview of the processes; 6.2 Classes of digital investigation processes
19 | 7 Readiness processes; 7.1 Overview of the readiness processes
21 | 7.2 Scenario definition process; 7.3 Identification of potential digital evidence sources process
23 | 7.4 Planning pre-incident gathering, storage, and handling of data representing potential digital evidence process; 7.5 Planning pre-incident analysis of data representing potential digital evidence process; 7.6 Planning incident detection process; 7.7 Defining system architecture process
24 | 7.8 Implementing system architecture process; 7.9 Implementing pre-incident gathering, storage, and handling of data representing potential digital evidence process; 7.10 Implementing pre-incident analysis of data representing potential digital evidence process; 7.11 Implementing incident detection process
25 | 7.12 Assessment of implementation process; 7.13 Implementation of assessment results process; 8 Initialization processes; 8.1 Overview of initialization processes
26 | 8.2 Incident detection process
27 | 8.3 First response process; 8.4 Planning process; 8.5 Preparation process
28 | 9 Acquisitive processes; 9.1 Overview of acquisitive processes; 9.2 Potential digital evidence identification process
29 | 9.3 Potential digital evidence collection process; 9.4 Potential digital evidence acquisition process; 9.5 Potential digital evidence transportation process; 9.6 Potential digital evidence storage and preservation process
30 | 10 Investigative processes; 10.1 Overview of investigative processes
31 | 10.2 Potential digital evidence acquisition process; 10.3 Potential digital evidence examination and analysis process; 10.4 Digital evidence interpretation process; 10.5 Reporting process
32 | 10.6 Presentation process; 10.7 Investigation closure process; 11 Concurrent processes; 11.1 Overview of the concurrent processes
33 | 11.2 Obtaining authorization process; 11.3 Documentation process; 11.4 Managing information flow process; 11.5 Preserving chain of custody process
34 | 11.6 Preserving digital evidence process; 11.7 Interaction with physical investigation process; 12 Digital investigation process model schema
36 | Annex A (informative) Digital investigation processes: motivation for harmonization
40 | Bibliography
","protected":false},"excerpt":{"rendered":" Information technology. Security techniques. Incident investigation principles and processes<\/b><\/p>\n |