This International Standard provides guidelines based on idealized models for common incident investigation processes across various incident investigation scenarios involving digital evidence. This includes processes from pre-incident preparation through investigation closure, as well as any general advice and caveats on such processes. The guidelines describe processes and principles applicable to various kinds of investigations, including, but not limited to, unauthorized access, data corruption, system crashes, or corporate breaches of information security, as well as any other digital investigation.

In summary, this International Standard provides a general overview of all incident investigation principles and processes without prescribing particular details within each of the investigation principles and processes covered in this International Standard. Many other relevant International Standards, where referenced in this International Standard, provide more detailed content of specific investigation principles and processes.


Cross References:
ISO/IEC 27000
ISO 9000
ISO 15489-1
ISO/IEC 10118-2
ISO/IEC 17025
ISO/IEC 27001
ISO/IEC 27004:2009
ISO/IEC 27035
ISO/IEC 27037:2012
ISO/IEC 27038
ISO/IEC 27040
ISO/IEC 27041
ISO/IEC 27042
ISO/IEC 27044
ISO/IEC 27050
ISO/IEC 30121
ILAC-G19
ISO/IEC 12207:2008


Incorporates the following:
Corrigendum, September 2016