2. Preservation and collection of digital evidence at the crime/incident scene

2.1. International Incident Response Standards

Many entities develop good-practice guides for incident response; our references, however, are ISO/IEC, NIST and ENISA. Several of their documents are important to the work of the digital forensics expert, namely:

 

•       Incident Management Guide (ENISA 2010)

•       ISO/IEC 27035:2016 Information security incident management guide for medium and large organisations

•       ISO/IEC 27037:2012 Guide to the identification, collection, acquisition and preservation of digital evidence

•       NIST 800-86 Guide to the integration of forensic techniques in incident response

•       NIST IR 8796 Security Analysis of First Responder mobile devices and wearables

•       ISO/IEC 27001:2013 Definition of an ISMS (Information Security Management System)

•       ISO/IEC 27002:2013 Guide to good practices in information security

•       ISO/IEC 27005:2018 Information security risk management

•       ISO/IEC 27032:2012 Guide to cybersecurity

 

ISO/IEC 27002 – Information security incident management defines the difference between an Event and an Incident: an event may not always lead to an incident, but an incident always leads to an event.