BS ISO/IEC 27041:2015 pdf download-Information technology — Security techniques — Guidance on assuring suitability and adequacy of incident investigative method.
5.5.2 Functional Requirements Functional requirements are those stemming directly from investigative needs and which are expected by the users of the process. They do not define how the process should operate but will include such considerations as expected inputs and outputs. All functional requirements should be satisfied by the investigation. EXAMPLE The need to process a particular type of filesystem is a functional requirement as it is derived directly from a source of potential digital evidence. 5.5.3? Verification?of?requirements Undertaking an exercise to verify the requirements will ensure that the specified requirements are well formed and that the needs of the investigative method have been adequately expressed. It involves an analysis of the recorded requirements to identify problems such as conflicting, missing, incomplete, ambiguous, inconsistent or incongruous requirements. Any identified problems should be resolved before moving on to subsequent assurance stages. 5.6 Process Design 5.6.1 Overview The design of a process should take account of all requirements identified as a result of the requirement capture and analysis stages. It should give detail of how the method will be implemented, taking account of accepted non-functional requirements and is the point at which tool selection should be carried out. Design need not specify the exact detail of each element of the process, but should clearly identify the flow of activity and evidential material from one step to the next. 5.6.2 Tool Selection During the design phase, any tools which may participate in the process should be identified and their role(s) in the resulting process identified. Where several tools can perform the same function in the process, it may be useful to identify some or all of these tools in order to cope with variation in operating environments (e.g. write blockers may offer different interfaces such as ATA, SATA, USB etc.)