ISO/IEC 27037

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Title: ISO/IEC 27037
Status: Published
Year: 2012
Version: 2012
Organization: ISO; IEC; Joint Technical Committee 1 (JTC 1)

ISO/IEC 27037 provides guidelines for the identification, collection, acquisition and preservation of digital evidence, addressing procedural and technical aspects used in Interpol investigations, Europol operations, FBI casework and information security incident response in organizations such as NATO, the United Nations and the World Health Organization and corporate entities like Microsoft, Google, Apple Inc. and Amazon. The standard informs practitioners working with law enforcement agencies including the Crown Prosecution Service, the U.S. Department of Justice and judicial bodies like the International Criminal Court and national courts such as those in the United Kingdom and the United States.

Overview

ISO/IEC 27037 establishes high-level guidance for handling digital evidence used in forensic processes applied by entities like the National Institute of Standards and Technology and the Forensic Science Service (United Kingdom), aligning with practices in European Union cybercrime units and private firms including KPMG, Deloitte, PwC and Ernst & Young. It complements frameworks produced by ISO/IEC JTC 1 and involves interaction with committees such as ISO and IEC and with stakeholders including the United Nations Office on Drugs and Crime and standards bodies like the British Standards Institution. The guidance supports evidentiary integrity in contexts influenced by precedents from courts like the Supreme Court of the United States and tribunals such as the European Court of Human Rights.

Scope and Objectives

The scope addresses procedures for non-invasive identification, collection, acquisition and preservation of potential digital evidence across devices and media used by actors represented in lists from Interpol and Europol, and in corporate investigations involving entities such as Siemens, IBM, Oracle Corporation and Cisco Systems. Objectives include maintaining a chain of custody acceptable to legal authorities such as the High Court of Justice (England and Wales), ensuring admissibility in prosecutions led by the Crown Prosecution Service or under U.S. Attorney General directives, and facilitating cross-border cooperation aligned with instruments like the Budapest Convention on Cybercrime and mutual legal assistance treaties managed by the United Nations.

Key Principles and Requirements

Core principles emphasize preservation of evidentiary integrity, documentation and traceability consistent with methodologies used by the National Institute of Justice and academic programs at institutions such as the Massachusetts Institute of Technology, Stanford University, the University of Oxford and the University of Cambridge. Requirements address non-destructive techniques, verification using cryptographic hashes acknowledged by Federal Information Processing Standards, and careful metadata capture paralleling practices in archives like the British Library and digital repositories such as the Internet Archive. The standard promotes adherence to professional ethics recognized by organizations including the International Association of Computer Investigative Specialists and ACPO-style guidance used in United Kingdom policing.

Digital Evidence Handling Procedures

Procedural guidance covers identification of potential sources — mobile devices used by Samsung, Huawei, Xiaomi, personal computers by Dell, HP Inc., servers in data centers operated by Equinix and cloud services from Amazon Web Services and Microsoft Azure — and prescribes acquisition techniques compatible with tools from vendors like AccessData and Sleuth Kit communities. Preservation steps include creation of forensic images, maintaining cryptographic verification traceable to standards cited by the National Institute of Standards and Technology and documented in chain-of-custody records acceptable to courts such as the European Court of Justice. Handling procedures acknowledge constraints from laws like the Fourth Amendment to the United States Constitution and statutory frameworks such as the Data Protection Act 2018 and the General Data Protection Regulation applied in European Union jurisdictions.
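An added example, not part of the original article and not taken from the standard's text: it hashes a forensic image in chunks, records the digest in a hash-chained chain-of-custody log, and then detects both a one-bit change to the image and an edit to a custody record. The record field names, actor labels and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import hmac
import io
import json

GENESIS = "0" * 64  # prev_hash of the first custody entry

def hash_stream(stream, algo="sha256", chunk=1 << 20):
    """Hash an image in fixed-size chunks so large images never sit in memory."""
    h = hashlib.new(algo)
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def entry_hash(entry):
    """Digest over every field of a custody entry except its own hash."""
    fields = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def append_entry(log, action, actor, image_digest, time):
    """Append a custody record chained to the previous record's hash."""
    entry = {"seq": len(log), "time": time, "action": action, "actor": actor,
             "image_sha256": image_digest,
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)

def first_bad_entry(log):
    """Return the index of the first altered or out-of-order record, else None."""
    prev = GENESIS
    for i, e in enumerate(log):
        if (e["seq"] != i or e["prev_hash"] != prev
                or not hmac.compare_digest(e["entry_hash"], entry_hash(e))):
            return i
        prev = e["entry_hash"]
    return None

def image_matches(stream, log):
    """True only if the image still hashes to the digest in every record."""
    digest = hash_stream(stream)
    return bool(log) and all(hmac.compare_digest(e["image_sha256"], digest) for e in log)

def demo():
    image = bytes(range(256)) * 64  # constructed stand-in for an acquired image
    log, digest = [], hash_stream(io.BytesIO(image))
    append_entry(log, "acquired", "examiner-A", digest, "2024-01-01T10:00:00Z")
    append_entry(log, "transferred", "custodian-B", digest, "2024-01-01T12:30:00Z")
    intact = (image_matches(io.BytesIO(image), log), first_bad_entry(log))
    flipped = image[:100] + bytes([image[100] ^ 1]) + image[101:]  # one-bit change
    log[0]["actor"] = "examiner-X"  # simulated after-the-fact edit of a record
    return intact, image_matches(io.BytesIO(flipped), log), first_bad_entry(log)
```

An unkeyed hash chain exposes in-place edits but not a wholesale rewrite of the log, so the latest `entry_hash` should also be signed or stored separately from the log.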

Roles and Responsibilities

The standard delineates roles for evidence custodians, forensic practitioners, incident response teams and legal advisors frequently represented by institutions like the Crown Prosecution Service, the U.S. Department of Justice and corporate legal departments of Facebook (now Meta Platforms, Inc.). Responsibilities include documentation, preservation, secure transport and provision of expert testimony before courts such as the International Criminal Court and national supreme courts. It further implicates oversight by accreditation bodies like the United Kingdom Accreditation Service and conformity assessment organizations modeled on International Accreditation Forum practices.

Implementation and Compliance Guidance

Implementation guidance encourages organisations to integrate ISO/IEC 27037 with management systems used by ISO/IEC 27001-aligned programs at enterprises such as Siemens AG and General Electric, and to adopt training standards developed by universities and professional bodies including the SANS Institute and International Organization for Standardization workshops. Compliance activities involve audit trails, evidence handling policies acceptable to regulators like the Information Commissioner's Office and reporting mechanisms used in investigations by Europol and national cyber security centres such as the United Kingdom National Cyber Security Centre and the Cybersecurity and Infrastructure Security Agency.

ISO/IEC 27037 is positioned alongside normative documents including ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27043, technical specifications from NIST and interoperability guidance from the European Committee for Standardization. Legal alignment is required with statutes and treaties such as the Budapest Convention on Cybercrime and the General Data Protection Regulation, and with jurisdictional case law from courts like the Supreme Court of the United States and the European Court of Human Rights, impacting admissibility and cross-border evidence transfer managed through Mutual Legal Assistance Treaty channels.
