
FTP and CoC

(@nigel)
Posts: 13
Active Member
Topic starter
 

Does receiving data via FTP or sending data via FTP break the Chain of Custody?
If not, what steps should one take in order to not break the CoC?
Thanks.

 
Posted : 08/02/2006 11:00 pm
schlecht
(@schlecht)
Posts: 46
Eminent Member
 

Why risk jeopardizing the admissibility of evidence like that? If I need to transfer large amounts of data, it should be on media and transported by an authorized agent, or a bonded service that can verify secure transport methods for the evidence.

FTP is unencrypted. I guess you could hash the sent and received files to verify the integrity of the file, but there are other issues to be concerned about. I wouldn't introduce any doubt into your chain of custody procedures.

 
Posted : 09/02/2006 12:58 am
(@armresl)
Posts: 1011
Noble Member
 

"FTP is unencrypted"

That is not true; we occasionally use an encrypted FTP client to transfer data from one of our offices to another. While the speed is slow, it is encrypted.

 
Posted : 09/02/2006 1:36 am
schlecht
(@schlecht)
Posts: 46
Eminent Member
 

Original poster said FTP, not SFTP or SCP or even a client with encryption enabled. Straight FTP is unencrypted, authentication can be sniffed and so can files - why risk it? Yes, you have to be on the wire, and sometimes doing some ARP poisoning - but still, why? If it really has to be sent over a wire, I'd hash it, sign it and send it via encrypted channels.

 
Posted : 09/02/2006 2:03 am
(@nigel)
Posts: 13
Active Member
Topic starter
 

Almost everything is sent by bonded service that can verify secure transport methods for the evidence; but occasionally, because of time constraints, we either receive data on our FTP site (or clients) or send data to our FTP site (or clients). At times it is SFTP; at times it is not.
I am trying to close as many holes as possible.

If we hash the contents prior to FTP, email the hash to client, would this be considered a break in CoC? Or the reverse, if we receive the data with hash.
Thanks for the quick responses.

 
Posted : 09/02/2006 2:23 am
schlecht
(@schlecht)
Posts: 46
Eminent Member
 

I'd hash it and sign the hash, then you know the hash wasn't tampered with.

 
Posted : 09/02/2006 2:25 am
(@nigel)
Posts: 13
Active Member
Topic starter
 

If we send data, we hash; if we receive data and it's not hashed, would the CoC be broken? Or would a CoC still be possible if it is our secure FTP site with some sort of logging mechanism?

 
Posted : 09/02/2006 2:56 am
schlecht
(@schlecht)
Posts: 46
Eminent Member
 

Yes, you need to verify the file that you have received.

 
Posted : 09/02/2006 3:11 am
(@nigel)
Posts: 13
Active Member
Topic starter
 

So, under the scenario where I receive data on our secure FTP site with no hash created by the client prior to sending to us, how would we ensure CoC?
Use FTP logs? Then create hash? Thanks.

 
Posted : 09/02/2006 4:58 am
schlecht
(@schlecht)
Posts: 46
Eminent Member
 

"So, under the scenario where I receive data on our secure FTP site with no hash created by the client prior to sending to us, how would we ensure CoC?
Use FTP logs? Then create hash? Thanks."

You have to verify the integrity of that image you are passing. To do so, you would have to hash the image before it's sent. Transmit the image, and hash it when it is received. I would personally also sign (gpg, pgp) the original hash just to make sure that doesn't get tampered with also.

 
Posted : 09/02/2006 5:59 am
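
The hash-before-sending, hash-on-receipt check described in the reply above, as an added Python example that is not part of the thread or any poster's code. SHA-256, the manifest fields, the file name and the handler addresses are assumptions; signing the manifest (for instance with a gpg detached signature) happens outside this script.

```python
import hashlib, os, tempfile
from datetime import datetime, timezone

def hash_file(path, algo="sha256", chunk=1 << 20):
    """Stream the file so multi-gigabyte images never have to fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def build_manifest(paths, handler):
    """Sender side: record name, size and digest of every file before upload."""
    files = [{"name": os.path.basename(p), "size": os.path.getsize(p),
              "digest": hash_file(p)} for p in paths]
    return {"created_utc": datetime.now(timezone.utc).isoformat(),
            "handler": handler, "algorithm": "sha256", "files": files}

def verify_manifest(manifest, received_dir, handler):
    """Receiver side: re-hash each file; return one custody-log entry per file."""
    entries = []
    for item in manifest["files"]:
        # basename() keeps a hostile manifest from pointing outside received_dir
        path = os.path.join(received_dir, os.path.basename(item["name"]))
        if not os.path.isfile(path):
            status, actual = "MISSING", None
        else:
            actual = hash_file(path, manifest["algorithm"])
            status = "MATCH" if actual == item["digest"] else "MISMATCH"
        entries.append({"verified_utc": datetime.now(timezone.utc).isoformat(),
                        "handler": handler, "name": item["name"],
                        "expected": item["digest"], "actual": actual,
                        "status": status})
    return entries

def demo():
    """Constructed sample: a stand-in image that is altered after hashing."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "case001.dd")  # hypothetical file name
        with open(img, "wb") as f:
            f.write(b"\x00" * 4096 + b"constructed sample evidence")
        manifest = build_manifest([img], "sender@example.org")
        check = lambda: verify_manifest(manifest, d, "examiner@example.org")[0]["status"]
        before = check()
        with open(img, "r+b") as f:  # change one byte, as corruption in transit would
            f.seek(10); f.write(b"\x01")
        after = check()
        os.remove(img)
        return before, after, check()

if __name__ == "__main__":
    print(demo())
```

The manifest travels separately from the data, and the entries returned by `verify_manifest` are what would be appended to the custody log on receipt.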