scope:

This International Standard provides guidelines that encapsulate idealized models for common investigation processes across various investigation scenarios. This includes processes from pre-incident preparation up to and including returning evidence for storage or dissemination as well as general advice and caveats on processes and appropriate identification, collection, acquisition, preservation, analysis, interpretation and presentation of evidence. A basic principle of digital investigations is repeatability, where a suitably-skilled investigator should be able to obtain the same result as another similarly-skilled investigator, working under similar conditions. This principle is exceptionally important to any general investigation. Guidelines for many investigation processes have been provided to ensure that there is clarity and transparency in obtaining the produced result for each particular process. The motivation to provide guidelines for incident investigation principles and processes follows.