Abstract: Collection of digital evidence in criminal investigation is gaining in importance. It is an outgrowth of the development and penetration of ICT into society (informatization). After a brief introduction of ISO/IEC 27037:2012, this paper compares the suggested practices with those that are currently used by investigators (criminal police) and analysts (forensic laboratory). This is followed by a discussion of general experience in collecting and analysing digital evidence in the Czech Republic. The contribution allows experts from other countries to compare their practices with the standard, and also with practical approaches that are applied by Czech departments.
Keywords: digital evidence, ISO 27037, expert opinion, acquisition, collection, Czech Republic
1. Introduction
Technological development, especially in informatics, continues to move forward. Information technology is increasingly penetrating not only the lives of professionals but also the lives of ordinary people. People spend a significant amount of both their working and leisure time in cyberspace. Because people move between the real physical world and cyberspace (immersion environment), these two quite different environments blend.
Unfortunately, negative aspects of real life also penetrate into cyberspace, and this includes cybercrime. Further, the fact that people spend a lot of time in cyberspace means that they leave a significant amount of data there. Crime investigation was originally based in the real world, but evidence/data can now also be obtained from cyberspace (in digital form). Forensic methods for obtaining digital evidence are still evolving as the volume of digital data grows. The number of people who deal with digital evidence is also growing. (Hegarty, Lamb, Attwood, 2014)
The International Organization for Standardization (ISO) is engaged in the development and publication of standards for almost all areas of human activity. These include standards for products, services and best practices. The ISO 27000 family of standards focuses on information security, including digital forensic investigation (Veber, Klíma, 2014), and includes the standard ISO/IEC 27037:2012 (ISO, 2012), hereafter referred to simply as ISO 27037 or the standard. ISO 27037 describes procedures for the handling of potential digital evidence. This standard belongs to the group of standards for best practices and summarizes the procedures that should be followed during the identification, collection, acquisition and preservation of potential...