The escalating scale and complexity of cybercrime necessitate standardized digital forensic protocols to ensure the integrity and admissibility of digital evidence. This study empirically assesses the use of ISO/IEC 27037 and ISO/IEC 27041 through three real-world digital forensic case studies conducted in organizational settings. A multi-case methodology was employed, encompassing a multinational corporate criminal investigation, an internal employee misbehaviour probe, and an examination into mobile- and cloud-based data leaks. The effect of synchronized standard implementation was evaluated using audit-based and quantitative indicators that measure forensic process quality as a system attribute. The findings demonstrate that the systematic implementation of ISO/IEC 27037 and ISO/IEC 27041 improves investigative traceability, documentation quality, and evidentiary robustness. In the worldwide case study, documentation completeness increased by 18%, and all digital evidence was deemed admissible in judicial proceedings, surpassing the institutional baseline admissibility rate of 82%. In other instances, evidence gathered within the same framework was acknowledged in organizational or disciplinary review processes, resulting in similar enhancements in documentation quality and procedural consistency, notwithstanding technological and organizational limitations. The paper develops and empirically substantiates an integrated procedural validation model that connects evidence-handling practices with method and instrument validation. The results indicate that the synchronized implementation of ISO/IEC forensic standards improves the transparency, dependability, and auditability of digital forensic investigations.
Morić et al. (Mon,) studied this question.