Examining the state of preparedness of New Zealand Information Technology management for events that may require forensic analysis

Abstract

Computer security is of concern to those in IT (Information Technology) and forensic readiness (being prepared to deal effectively with events that may require forensic investigation) is a growing issue. This study used a survey of IT Managers in New Zealand to examine the state of awareness of IT (Information Technology) management in New Zealand regarding the field of digital forensics in general and their state of preparation for protection of forensic data in the case of an event requiring forensic analysis.

With 25% of organisations having no formal information security policy and only 15% requiring staff to keep up to date with its content, the 85% figure for respondents without forensic policy suggests that internal organisations’ policy and procedures are indeed inadequate to ensure admissibility of forensic evidence.

Less than a third of respondents’ organisations have any forensic capability at all, with only 8% having any internal forensic capability. These results strongly suggest that IT management does not sufficiently comprehend the admissibility of forensic evidence issue.

14 respondents’ organisations had prepared forensic evidence for use in court. Almost half was prepared by untrained staff. IT management expect operational IT staff to protect forensic data for possible use in court but the majority do not supply forensic training, so the evidence cannot be guaranteed inadmissible in court.