BS EN ISO/IEC 27037:2016

What is ISO/IEC 27037 - Guidelines for identification, collection, acquisition and preservation of digital evidence about?  

ISO/IEC 27037 provides guidelines for specific activities in handling digital evidence, which are identification, collection, acquisition and preservation of digital evidence that may be of evidential value.  

ISO/IEC 27037 guidance to individuals with respect to common situations encountered throughout the digital evidence handling process and assists organizations in their disciplinary procedures and in facilitating the exchange of potential digital evidence between jurisdictions.  

ISO/IEC 27037 gives guidance for the following devices and/or functions that are used in various circumstances:   

• Digital storage media used in standard computers like hard drives, floppy disks, optical and magneto-optical disks, data devices with similar functions 
• Mobile phones, Personal Digital Assistants (PDAs), Personal Electronic Devices (PEDs), memory cards 
• Mobile navigation systems 
• Digital still and video cameras (including CCTV) 
• Standard computer with network connections 
• Networks based on TCP/IP and other digital protocols, and  
• Devices with similar functions as above.  

Note 1: The above list of devices is an indicative list and not exhaustive.  

Note 2: Circumstances include the above devices that exist in various forms. For example, an automotive system may include a mobile navigation system, data storage, and sensory system.  

Who is ISO/IEC 27037 - Guidelines for identification, collection, acquisition and preservation of digital evidence for? 

ISO/IEC 27037 on guidelines for identification, collection, acquisition, and preservation of digital evidence is useful for: 

• Investigating agencies 
• Decision makers involved in digital evidence processes 
• Companies handling digital evidences 
• Policy making bodies 
• Information technology industry 

Why should you use ISO/IEC 27037 - Guidelines for identification, collection, acquisition and preservation of digital evidence? 

ISO/IEC 27037 provides guidelines for specific activities in handling potential digital evidence; these processes are: identification, collection, acquisition and preservation of potential digital evidence. These processes are required in an investigation that is designed to maintain the integrity of the digital evidence – an acceptable methodology in obtaining digital evidence that will contribute to its admissibility in legal and disciplinary actions as well as other required instances.  

ISO/IEC 27037 also provides general guidelines for the collection of non-digital evidence that may be helpful in the analysis stage of the potential digital evidence.  

ISO/IEC 27037 intends to provide guidance to those individuals responsible for the identification, collection, acquisition and preservation of potential digital evidence. These individuals include Digital Evidence First Responders (DEFRs), Digital Evidence Specialists (DESs), incident response specialists and forensic laboratory managers.  

ISO/IEC 27037 ensures that responsible individuals manage potential digital evidence in practical ways that are acceptable worldwide, with the objective to facilitate investigation involving digital devices and digital evidence in a systematic and impartial manner while preserving its integrity and authenticity.  

ISO/IEC 27037 also intends to inform decision-makers who need to determine the reliability of digital evidence presented to them. It is applicable to organizations needing to protect, analyze and present potential digital evidence. It is relevant to policy-making bodies that create and evaluate procedures relating to digital evidence, often as part of a larger body of evidence.