ISO 27037 Electronic Evidence Management Guidelines

The ISO / IEC 27037:2012 (Information technology – Security techniques – Guidelines for identification, collection, acquisition, and preservation of digital evidence) provides guidance on best practices in the identification, acquisition and preservation of potential digital evidence to take advantage of its probative value. It is intended for use in digital forensic investigations, aimed at clarifying events that involve an electronic or digital resource in some way.

The standard provides guidance for dealing with common situations throughout the process of handling digital evidence. Among other purposes, it is intended to assist organisations in their procedures for handling exceptional circumstances involving data managed within them so that the exchange of potential digital evidence and its presentation as evidence in court or arbitration can be facilitated.

It defines two specialist roles in the management of electronic evidence:

  • Digital Evidence First Responders (DEFR). Electronic evidence first responder expert.
  • Digital Evidence Specialists (DES). Expert in electronic evidence management

ISO/IEC 27037:2012 provides guidance for the following devices and circumstances:

  • Digital storage media used in computers such as hard disks, floppy disks, optical and magneto optical disks, data devices with similar functions
  • Mobile phones, Personal Digital Assistants (PDAs), Personal Electronic Devices (PEDs), memory cards
  • Mobile navigation systems
  • Digital cameras and video cameras (including CCTV)
  • Widely used computers connected to networks
  • Networks based on TCP/IP and other protocols.
  • Devices with similar functions to the above

Among its characteristics it is worth mentioning:

  • Provides guidance on the handling of digital evidence. Following the guidelines of this standard ensures that potential digital evidence is collected in a valid way for legal purposes to facilitate its contribution to jurisdictional environments (trials and arbitrations).
  • It covers a range of device types and situations, so the guidance within the standard is broadly applicable.