In the footsteps of Bob & Bing
Just 2 more days till I’m off to the ISO/IEC SC27 meeting in Singapore and I couldn’t resist the opportunity to use a clip from a relevant film;)
Anyway – some interesting new agenda items have appeared. Of these the most significant is new discussion slot on “Digital Forensic Processes”, suggesting there may be some new work items (aka drafting of new standards). It’s not clear where the request for this has appeared from or exactly what it relates to.
Given that I volunteered to be a rapporteur for study periods on “Digital Evidence Readiness & Analysis” and “Digital Evidence Validation & Verification” it seems a little redundant to me. We (the UK panel dealing with these) are proposing that readiness should be considered as part of Incident Management since it involves planning & auditing, Analysis should probably sit inside the existing draft 27037 document about evidence recovery, since it shares many common features and requirements, and that there should be a new standard for Validation & Verification.
With those in place, we think we cover all the critical phases of an investigation (and we are not going to say “forensic” because we now believe it is appropriate to broaden the standards so that every investigation is carried out to a high standard just in case it needs to go to court) – so I’m curious where the extra discussion has come from. Maybe the committee has realised just how much I like the sound of my own voice ?
Forensically sound(ing off) 
Leave a comment