DSTU EN ISO/IEC 27043:2022 Information technology. Security techniques. Incident investigation principles and processes (EN ISO/IEC 27043:2016, IDT; ISO/IEC 27043:2015, IDT)
DSTU EN ISO/IEC 27043:2022
(EN ISO/IEC 27043:2016, IDT; ISO/IEC 27043:2015, IDT)
Information technology. Security techniques. Incident investigation principles and processes
This is not an official edition.
The official edition is distributed by the national standardization body
(SE «UkrNDNC» http://uas.gov.ua)
Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Digital investigations
5.1 General principles
5.2 Legal principles
6 Digital investigation processes
6.1 General overview of the processes
6.2 Classes of digital investigation processes
7 Readiness processes
7.1 Overview of the readiness processes
7.2 Scenario definition process
7.3 Identification of potential digital evidence sources process
7.4 Planning pre-incident gathering, storage, and handling of data representing potential digital evidence process
7.5 Planning pre-incident analysis of data representing potential digital evidence process
7.6 Planning incident detection process
7.7 Defining system architecture process
7.8 Implementing system architecture process
7.9 Implementing pre-incident gathering, storage, and handling of data representing potential digital evidence process
7.10 Implementing pre-incident analysis of data representing potential digital evidence process
7.11 Implementing incident detection process
7.12 Assessment of implementation process
7.13 Implementation of assessment results process
8 Initialization processes
8.1 Overview of initialization processes
8.2 Incident detection process
8.3 First response process
8.4 Planning process
8.5 Preparation process
9 Acquisitive processes
9.1 Overview of acquisitive processes
9.2 Potential digital evidence identification process
9.3 Potential digital evidence collection process
9.4 Potential digital evidence acquisition process
9.5 Potential digital evidence transportation process
9.6 Potential digital evidence storage and preservation process
10 Investigative processes
10.1 Overview of investigative processes
10.2 Potential digital evidence acquisition process
10.3 Potential digital evidence examination and analysis process
10.4 Digital evidence interpretation process
10.5 Reporting process
10.6 Presentation process
10.7 Investigation closure process
11 Concurrent processes
11.1 Overview of the concurrent processes
11.2 Obtaining authorization process
11.3 Documentation process
11.4 Managing information flow process
11.5 Preserving chain of custody process
11.6 Preserving digital evidence process
11.7 Interaction with physical investigation process
12 Digital investigation process model schema
Annex A (informative) Digital investigation processes: motivation for harmonization
Bibliography