Courts are increasingly adopting the (or similar reliability standards) for digital evidence. To be admissible, evidence must be scientifically valid and properly applied. ISO/IEC 27042 is the de facto benchmark for "properly applied."
ISO/IEC 27042 does not allow "standard IT tools" for forensic analysis unless they are validated. You cannot use regedit to browse a suspect's registry hive because regedit writes to the registry as it opens it (Last Write Time changes). iso iec 27042
The standard demands that interpretations must be accompanied by: Courts are increasingly adopting the (or similar reliability
The standard mandates:
If a finding will terminate an employee or be used in litigation, validate it with a second tool. For example: iso iec 27042
Maintaining a strict chain of custody to show the evidence has not been altered since acquisition.