6. Establish a digital evidence preservation SOP and build cyber forensics capacity
In practice, the following international standards can serve as a reference:
ISO/IEC 27037:2012 Guidelines for identification, collection, acquisition, and preservation of digital evidence (DEFSOP) [eForensics]
ISO/IEC 27041:2015 Guidance on assuring suitability and adequacy of incident investigative methods (SOP)
ISO/IEC 27042:2015 Guidelines for the analysis and interpretation of digital evidence (admissibility of evidence)
ISO/IEC 27043:2015 Incident investigation principles and processes (admissibility and probative value; validity of evidence)
ISO/IEC 27050 — Information technology — Security techniques — Electronic discovery (DRAFT)
ISO/IEC FDIS 27050-1 Information technology -- Security techniques -- Electronic discovery -- Part 1: Overview and concepts
ISO/IEC 27017:2015 will cover information security controls for cloud computing.
ISO/IEC 27018:2014 covers PII (Personally Identifiable Information) in public clouds (PIISMS).
I-Long Lin for ACFD & TWCERT/CC, 2017
Computer forensics (digital forensics): methods and basic principles
(Computer Forensics, Cyber Forensics)
(Warren G. Kruse II and Jay G. Heiser, 2002, Computer Forensics – Incident Response Essentials, Addison Wesley)
Definition (cyber security forensics):
The science of preserving, identifying, extracting, documenting and interpreting computer and network media evidence, and analysing its causes, by means of rigorous methods and procedures.
Methods and basic principles (CIA+C) (CIAC)
Acquire the original evidence without altering or damaging it (I: Integrity)
Prove that the extracted evidence originates from the seized evidence (A: Accuracy)
Analyse without altering the evidence (C: Consistency)
#C (Compliance): the digital forensic process must comply with legal requirements; only then are its results admissible as evidence. (C: Compliance) (by Paul Lin)
(Albert J. Marcella Jr. and Robert S. Greenfield, 2002, Cyber Forensics: A Field Manual of Collecting, Examining, and Preserving Evidence of Computer Crimes)
The CIAC Model by Paul Lin (1995/2012)
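As an added example (not from the slides or from the authors cited), the following Python routine puts the I, A and C principles into practice for one acquisition: hash the seized medium, prove the working copy matches it, re-verify after each analysis step, and keep a timestamped chain-of-custody log. The file names, examiner id and "seized" image content are all constructed for the demo.

```python
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Added example, not from the slide deck: applies the I (integrity), A (accuracy)
# and C (consistency) principles of the CIAC model; all names/contents are constructed.

def sha256_file(path: Path) -> str:
    """Stream the file so large disk images need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1024 * 1024), b""):
            h.update(chunk)
    return h.hexdigest()

def record(log: list, step: str, examiner: str, **fields) -> None:
    """Append one timestamped chain-of-custody entry."""
    log.append({"step": step, "examiner": examiner,
                "time": datetime.now(timezone.utc).isoformat(), **fields})

def acquire(original: Path, copy: Path, log: list, examiner: str) -> str:
    """Copy the seized medium (read only, I) and prove the copy matches it (A)."""
    copy.write_bytes(original.read_bytes())  # demo copy; real imaging uses a write blocker
    src, dup = sha256_file(original), sha256_file(copy)
    record(log, "acquire", examiner, source_sha256=src, copy_sha256=dup,
           verified=(src == dup))
    if src != dup:
        raise ValueError("working copy does not match the seized original")
    return src  # reference hash that every later step is checked against

def verify(evidence: Path, reference: str, log: list, examiner: str) -> bool:
    """Re-hash after each analysis step to show nothing changed (C: consistency)."""
    ok = sha256_file(evidence) == reference
    record(log, "verify", examiner, path=evidence.name, unchanged=ok)
    return ok

def demo() -> dict:
    """Run the SOP on a constructed sample; the second verify detects an altered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "seized_usb.img"   # constructed sample medium
        copy = Path(tmp) / "working_copy.img"
        original.write_bytes(b"constructed sample disk image\n" * 1000)
        log, examiner = [], "examiner-01"
        ref = acquire(original, copy, log, examiner)
        before = verify(copy, ref, log, examiner)
        copy.write_bytes(copy.read_bytes() + b"X")  # simulate a tool that wrote to the copy
        after = verify(copy, ref, log, examiner)
        return {"reference": ref, "copy_intact": before, "copy_after_write": after,
                "original_intact": verify(original, ref, log, examiner), "log": log}
```

Each log entry carries the examiner, UTC time and the hashes compared, which is the record needed to argue admissibility (the C for Compliance) later.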
I-Long Lin for Digital Evidence and Forensic Case Sharing (ACFD), 2017