The constant weaknesses and inefficiencies in the information systems, use by users who feed it, procedural deficiencies and lack of security in aspects both in functional areas and in the logical environment, allows the scenario to be favorable for attacks and criminal facts.

The system audit is characterized by following phases, stages or procedures to be able to examine, verify and obtain criteria that will be taken into account for the recommendations that the company must adopt. Such recommendations will help the processes improve.

This contribution is made in order to establish that there are tools, strategies and actions to discover that, in computer media, through digital evidence it is possible to demonstrate and sustain weaknesses, possible anomalies that have been committed and that give rise to a criminal fact that has been proven object of study.