本国际标准提供了基于常见事件理想化模型的指南 涉及数字证据的各种事件调查场景的调查过程。这 包括从事件前准备到调查结束的流程，以及任何一般流程 对此类流程的建议和警告。该指南描述了适用于以下情况的流程和原则: 各种调查，包括但不限于未经授权的访问、数据损坏、， 系统崩溃，或公司违反信息安全，以及任何其他数字调查。总之，本国际标准概述了所有事故调查 原则和流程，但不规定每项调查的具体细节 本国际标准涵盖的原则和流程。许多其他相关的国际组织 本国际标准中引用的标准提供了更详细的具体内容 调查原则和程序。交叉引用:ISO/IEC 27000ISO 9000ISO 15489-1ISO/IEC 10118-2ISO/IEC 17025ISO/IEC 27001ISO/IEC 27004:2009ISO/IEC 27035ISO/IEC 27037:2012ISO/IEC 27038ISO/IEC 27040ISO/IEC 27041ISO/IEC 27042ISO/IEC 27044ISO/IEC 27050ISO/IEC 30121ILAC-G19ISO/IEC 12207:2008包含以下内容:勘误表，2016年9月

This International Standard provides guidelines based on idealized models for common incident investigation processes across various incident investigation scenarios involving digital evidence. This includes processes from pre-incident preparation through investigation closure, as well as any general advice and caveats on such processes. The guidelines describe processes and principles applicable to various kinds of investigations, including, but not limited to, unauthorized access, data corruption, system crashes, or corporate breaches of information security, as well as any other digital investigation.In summary, this International Standard provides a general overview of all incident investigation principles and processes without prescribing particular details within each of the investigation principles and processes covered in this International Standard. Many other relevant International Standards, where referenced in this International Standard, provide more detailed content of specific investigation principles and processes.Cross References:ISO/IEC 27000ISO 9000ISO 15489-1ISO/IEC 10118-2ISO/IEC 17025ISO/IEC 27001ISO/IEC 27004:2009ISO/IEC 27035ISO/IEC 27037:2012ISO/IEC 27038ISO/IEC 27040ISO/IEC 27041ISO/IEC 27042ISO/IEC 27044ISO/IEC 27050ISO/IEC 30121ILAC-G19ISO/IEC 12207:2008Incorporates the following:Corrigendum, September 2016