This is a free 8 page sample. Access the full version at http://infostore.saiglobal.com.

HB 1712003

HB 1712003

Handbook
This is a free 8 page sample. Access the full version at http://infostore.saiglobal.com.

Guidelines for the management of IT evidence

First published as HB 1712003.

COPYRIGHT
Standards Australia International All rights are reserved. No part of this work may be reproduced or copied in any form or by any means, electronic or mechanical, including photocopying, without the written permission of the publisher. Published by Standards Australia International Ltd GPO Box 5420, Sydney, NSW 2001, Australia
ISBN 0 7337 2795 6

This is a free 8 page sample. Access the full version at http://infostore.saiglobal.com.

This page is intentionally left blank

HB 1712003 Guidelines for the management of IT evidence

Preface
This handbook has been prepared by Committee IT/012, Information Systems, Security and Identification Technology. It is intended for use as a reference document by a variety of audiences, including a) executives and Boards responsible for ensuring the existence of records that can be used in protecting the interests of their organization by initiating or defending legal proceedings or in their fulfilling a social responsibility as a witness;

This is a free 8 page sample. Access the full version at http://infostore.saiglobal.com.

b) personnel who are responsible for designing/acquiring information technology systems that produce and/or store records and the staff responsible for their use and operation; c) personnel conducting an investigation or enquiry involving electronic records; and

d) adjudicators who base their decision, at least partially on IT evidence (e.g. judiciary, tribunal members, administrative management). The authors recognize the cross-disciplinary nature of the management of IT evidence, involving as it does business, legal and information technology professionals. As far as possible, the handbook has been written in plain English minimizing both legal and technical jargon.

Qualification
This handbook does not purport to provide legal advice. Compliance with this handbook does not guarantee the legal admissibility of electronic recordsit is a statement of best practice. Organizations are encouraged to seek both legal and other expert advice when implementing information technology systems that create, store, process or transmit documents of significant evidentiary value.

Copyright

Preface

iii

HB 1712003 Guidelines for the management of IT evidence

Acknowledgements
Standards Australia would like to acknowledge Ajoy Ghoshs efforts in drafting this handbook, authorship of which was sponsored jointly by the Commonwealth Attorney-Generals Department and the Australian Federal Police. The following organizations have contributed to the writing of this handbook: AusCERT Australian Federal Police Australasian Centre for Policing Research
This is a free 8 page sample. Access the full version at http://infostore.saiglobal.com.

Australian Prudential Regulation Authority Australian Securities and Investment Commission Australian Taxation Office Action Group on E-Commerce Commonwealth Attorney-Generals Department Deacons Defence Signals Directorate Standards Australia sub-committee IT/012/04 (Security Techniques)

iv

Acknowledgements

Copyright

HB 1712003 Guidelines for the management of IT evidence

Contents
Preface ..................................................................................................................... 3 Qualification ...........................................................................................................iii Acknowledgements................................................................................................. iv Contents ................................................................................................................... v 1 Introduction ..................................................................................................... 1 1.1
This is a free 8 page sample. Access the full version at http://infostore.saiglobal.com.

General................................................................................................. 1 Purpose................................................................................................. 1 Audience and scope ............................................................................. 2 What is IT evidence?............................................................................ 2 Why manage IT evidence?................................................................... 3 The management of IT evidence.......................................................... 5 Uses for IT evidence ............................................................................ 6 Terms and definitions........................................................................... 8

1.2 1.3 1.4 1.5 1.6 1.7 1.8 2

Principles for the management of IT evidence................................................ 9 2.1 2.2 2.3 2.4 Introduction.......................................................................................... 9 The principles....................................................................................... 9 Applying the principles ...................................................................... 10 Further guidance ................................................................................ 10

IT evidence management lifecycle ................................................................ 12 3.1 3.2 3.3 3.4 3.5 3.6 3.7 Introduction........................................................................................ 12 Stage 1: Design for evidence.............................................................. 13 Stage 2: Produce records.................................................................... 20 Stage 3: Collect evidence ................................................................... 21 Stage 4: Analyse evidence ................................................................. 24 Stage 5: Reporting and presentation................................................... 25 Stage 6: Determine evidentiary weight .............................................. 26

Copyright

Contents

HB 1712003 Guidelines for the management of IT evidence

APPENDICES A B C D E G8 principles applying to the recovery of digital evidence ........................... 27 Principles of good practice for information management ............................. 28 Guiding principles during evidence collection .............................................. 29 Expert witness code of conduct..................................................................... 31 Applying HB 231 risk assessment methodology........................................... 33

This is a free 8 page sample. Access the full version at http://infostore.saiglobal.com.

vi

Contents

Copyright

HB 1712003 Guidelines for the management of IT evidence

1
1.1
This is a free 8 page sample. Access the full version at http://infostore.saiglobal.com.

Introduction
General
Organizations are increasingly reliant on information communications technology (ICT) as a crucial component of operations. However, commentators have noted the apparent ease at which the complexities of the Internet and electronic records can be grossly oversimplified in judicial, commercial and academic contexts1. As a result, information is often, partially or otherwise, in electronic form. ICT brings potentially increased (or at least different) risks in terms of civil or criminal wrongdoing and organizations need to be able to protect themselves against those risks. Failure to do so raises governance and accountability issues for which the management of the organization could be held responsible. Many business decisions/actions are open to litigation or could involve official investigation e.g. contract disputes, employment issues, fraud, computer intrusion and copyright breaches. Records maintained on information systems increasingly govern our everyday business decisions/actions decisions/actions that are open to litigation or could involve official investigation e.g. contract disputes, employment issues, fraud, computer intrusion and copyright breaches. Organizations must be able to vouch for the reliability of the records upon which such decisions are made, or actions taken. This is particularly so for safety critical records e.g. health records upon which medical practitioners rely to know which leg to amputate (the patient is anaesthetized and cant say) or which medication to prescribe. Organizations need to be able to initiate or defend litigation or be in a position to refer matters to the authorities where appropriate. Alternatively, organizations may be required to give evidence in proceedings in which they are not parties. To do so, relevant information held by an organization must be in a form that can be used as evidence if required.

1.2

Purpose
This handbook aims to provide guidance on the management of electronic records that may be used as evidence in judicial or administrative proceedings, whether as a plaintiff, defendant, or witness. It will also be useful where suspect criminal activity is to be referred to appropriate authorities for investigation. By complying with this benchmark, organizations can make investment decisions and implement them with confidence that records created, stored, processed or transmitted electronically will be of evidentiary value.

Lim, Y Cyberspace Law: Commentary and materials, Oxford University Press, Melbourne, (2002) pg 51.
Section 1: Introduction 1

Copyright

This is a free preview. Purchase the entire publication at the link below:

HB 171-2003, Guidelines for the management of IT evidence

This is a free 8 page sample. Access the full version at http://infostore.saiglobal.com.

Looking for additional Standards? Visit SAI Global Infostore Subscribe to our Free Newsletters about Australian Standards in Legislation; ISO, IEC, BSI and more Do you need to Manage Standards Collections Online? Learn about LexConnect, All Jurisdictions, Standards referenced in Australian legislation Do you want to know when a Standard has changed? Want to become an SAI Global Standards Sales Affiliate? Learn about other SAI Global Services: LOGICOM Military Parts and Supplier Database Metals Infobase Database of Metal Grades, Standards and Manufacturers Materials Infobase Database of Materials, Standards and Suppliers Database of European Law, CELEX and Court Decisions

Need to speak with a Customer Service Representative - Contact Us