ISO/IEC 27041:2015 情報技術  —  セキュリティ技術  —  インシデント調査方法の適合性と妥当性を保証するためのガイダンス | ページ 6

3.1

atomic

performing a single function only

Note 1 to entry: A method (3.11) for recovery of all live files from a device can be atomic if it relies solely on the use of filesystem meta-data. A method for recovery of all deleted files is unlikely to be atomic as it will require sub-methods which identify and extract particular file structures from the data on the storage device based on knowledge of file contents (e.g. .jpg, .png, .odt, XML, etc.).

3.2

black box testing

examining a process by using it to process known inputs and comparing the results against predicted outputs which reflect the requirements for the process

3.3

client

person or organisation on whose behalf the investigation is to be undertaken

[SOURCE: ISO/IEC 27042:2015, 3.2]

3.4

confirmation

formal assessment of existing objective evidence that a process is fit (or remains fit) for a specified purpose

3.5

contemporaneous notes

contemporaneous record

written record of actions taken and decisions made, produced at the same time or as soon afterwards as is practically possible, as the actions and decisions it records

Note 1 to entry: In many jurisdictions, it is necessary for contemporaneous notes to be handwritten in non-erasable ink in a tamper-evident notebook to assist with issues of authenticity and admissibility.

[SOURCE: ISO/IEC 27042:2015, 3.4]

3.6

examination

set of processes applied to identify and retrieve relevant potential digital evidence from one or more sources

[SOURCE: ISO/IEC 27042:2015, 3.7]

3.7

investigation

application of examinations (3.6) , analyses, and interpretation to aid understanding of an incident

[SOURCE: ISO/IEC 27042:2015, 3.10]

3.8

investigative lead

person leading the investigation at a strategic level

[SOURCE: ISO/IEC 27042:2015, 3.11]

3.9

investigative team

all persons involved directly in the conduct of the investigation

[SOURCE: ISO/IEC 27042:2015, 3.12]

3.10

investigator

member of the investigative team (3.9) , including the investigative lead (3.8)

[SOURCE: ISO/IEC 27042:2015, 3.13]

3.11

method

definition of an operation which can be used to produce data or derive information as an output from specified inputs

Note 1 to entry: Ideally, a method (3.11) should be atomic (3.1) (i.e. it should not perform more than one function) in order to enable re-use of methods and the processes (3.12) derived from them and to reduce the amount of work required to validate processes.

3.12

process

operational implementation of a method (3.11)

3.13

producer

creator or provider of a tool (3.17) , including anyone who modifies or customises a tool

Note 1 to entry: The person(s) or organization(s) responsible for the creation or maintenance of a tool or customisation of a tool is the producer.

Note 2 to entry: Providing scripts to automate common functions modifies or customises a tool.

3.14

requirements

statement which translates or expresses a need and its associated constraints and conditions

Note 1 to entry: Requirements exist at different tiers and express the need in high-level form (e.g. software component requirement).

[SOURCE: ISO/IEC IEEE 29148:2011, 4.1.17]

3.15

requirements analysis

process (3.12) through which understanding and prioritisation of the requirements (3.14) is achieved

3.16

requirements capture

process (3.12) through which the requirements (3.14) for a process are discovered, reviewed, articulated, and documented

3.17

tool

software, hardware, or firmware used in a process (3.12)

3.18

validation

confirmation (3.4) , through the provision of objective evidence, that the requirements (3.14) for a specific intended use or application have been fulfilled

Note 1 to entry: Validation is carried out on a process (3.12) to ensure that it is fit for purpose, i.e. to ensure that the process, as implemented, produces expected results in a consistent, repeatable, and reproducible manner.

[SOURCE: ISO/IEC 27004:2009, 3.17, Modified – Note 1 to entry has been added]

3.19

validation set

series of objective tests with clearly defined goals, inputs, and outputs, directly related to the agreed requirements (3.14) for the process (3.12) under validation (3.18)

3.20

verification

confirmation (3.4) , through the provision of objective evidence, that specified requirements have been fulfilled

Note 1 to entry: Verification only provides assurance that a product conforms to its specification.

[SOURCE: ISO/IEC 27004:2009, 3.18, Modified – Original note was removed, Note 1 to entry has been added]

3.21

verification function

function which is used to verify that two sets of data are identical

[SOURCE: ISO/IEC 27037:2012, 3.25, Modified – Notes were removed]

3.22

white box testing

testing which includes inspection of the implementation detail

3.23

work instruction

detailed description of how to perform and record a process (3.12)

[SOURCE: ISO/TR 10013:2001, 3.1, Modified - changed from plural to singular, task changed to process]