Abstract

ISO/IEC 27037:2012 provides guidelines for specific activities in the handling of digital evidence, which are identification, collection, acquisition and preservation of potential digital evidence that can be of evidential value.

It provides guidance to individuals with respect to common situations encountered throughout the digital evidence handling process and assists organizations in their disciplinary procedures and in facilitating the exchange of potential digital evidence between jurisdictions.

ISO/IEC 27037:2012 gives guidance for the following devices and circumstances:

• Digital storage media used in standard computers like hard drives, floppy disks, optical and magneto optical disks, data devices with similar functions,
• Mobile phones, Personal Digital Assistants (PDAs), Personal Electronic Devices (PEDs), memory cards,
• Mobile navigation systems,
• Digital still and video cameras (including CCTV),
• Standard computer with network connections,
• Networks based on TCP/IP and other digital protocols, and
• Devices with similar functions as above.

The above list of devices is an indicative list and not exhaustive.