Requirements for collection and preservation of cybersecurity incident evidence
20HR1300, 능동적 사전보안을 위한 사이버 자가변이 기술개발,
- Recommendation ITU-T X.1216 describes a general procedure for cybersecurity incident response and investigation. It also analyses sources of cybersecurity incident evidence and specifies capability requirements for tools used for collection and preservation of such evidence in an investigative process. This Recommendation also specifies reliability assurance requirements for these tools as guidelines to developers who design tools for such purpose.