Information Systems Audit Trails in Legal Proceedings as Evidence

Abstract

Australian State and Commonwealth Governments are interested in the collection, storage and presentation of audit trail information, particularly within a legal framework. Law enforcement agencies have a legal obligation to keep audit records of all activity on information systems used within their operations. Little to no research has been identified in relation to the use of internal audit systems for evidentiary purpose. A brief history of audit trails is given with requirements for such audit trails beyond the year 2000. The Queensland Police Service (QPS), Australia, is used as a major case study . Information on principles, techniques and processes used, and the reason for the recording, storing and releasing of audit information for evidentiary purposes have been studied. To assist in determining current practice in the Australian Commonwealth and State Governments the results of an Australia wide survey of all government departments are given and contrasted to the major study for QPS. Reference is also made to the legal obligations for authorization of audit analysis, expert witnessing and legal precedence in relation to court acceptance or rejection of audit information used in evidence. It is shown that most organizations studied generate and retain audit trails but the approach is not consistent nor is it comprehensive. It is suggested that these materials would not withstand a serious legal challenge.