Table of Contents
Preface
Qualification
Acknowledgements
Contents
1 Introduction
1.1 General
1.2 Purpose
1.3 Audience and scope
1.4 What is IT evidence?
1.5 Why manage IT evidence?
1.6 The management of IT evidence
1.7 Uses for IT evidence
1.8 Terms and definitions
2 Principles for the management of IT evidence
2.1 Introduction
2.2 The principles
2.3 Applying the principles
2.4 Further guidance
3 IT evidence management lifecycle
3.1 Introduction
3.2 Stage 1: Design for evidence
3.3 Stage 2: Produce records
3.4 Stage 3: Collect evidence
3.5 Stage 4: Analyse evidence
3.6 Stage 5: Reporting and presentation
3.7 Stage 6: Determine evidentiary weight
APPENDICES
A G8 principles applying to the recovery of digital
evidence
B Principles of good practice for information
management
C Guiding principles during evidence collection
D Expert witness code of conduct
E Applying HB 231 risk assessment methodology
Abstract
Provides guidance on the management of electronic records that may be used as evidence in judicial or administrative proceedings, whether as a plaintiff, defendant, or witness. It will also be useful where suspect criminal activity is to be referred to appropriate authorities for investigation.
Scope
This handbook is aimed at board members, business management, Chief Information Officers, IT personnel (including contractors), regulators, auditors, investigators, legal professionals and the judiciary.
This handbook provides guidance relating to litigation in Australia. However, the processes and procedures are consistent with global industry best practice and will maximize the evidentiary weighting of electronic records in many other jurisdictions.
This handbook does not cover protective security, incident handling, administrative procedures, operational procedures and electronic evidence processing systems (e.g. DNA, fingerprints, etc.).
History
First published as HB 171-2003.