Does receiving data via FTP or sending data via FTP break the Chain of Custody?
If not, what steps should one take in order to not break the CoC?
Thanks.
Why risk jeopardizing the admissibility of evidence like that? If I need to transfer large amounts of data, it should be on media and transported by an authorized agent, or a bonded service that can verify secure transport methods for the evidence.
FTP is unencrypted. I guess you could hash the sent and received files to verify the integrity of the file, but there are other issues to be concerned about. I wouldn't introduce any doubt into your chain of custody procedures.
"FTP is unencrypted"
That is not true; we occasionally use an encrypted FTP client to transfer data from one of our offices to another. While the speed is slow, it is encrypted.
Original poster said FTP, not SFTP or SCP or even a client with encryption enabled. Straight FTP is unencrypted, authentication can be sniffed and so can files - why risk it? Yes you have to be on the wire, and sometimes doing some ARP poisoning - but still why? If it really has to be sent over a wire, I'd hash it, sign it and send it via encrypted channels.
Almost everything is sent by bonded service that can verify secure transport methods for the evidence; but occasionally, because of time constraints, we either receive data on our FTP site (or clients) or send data to our FTP site (or clients). At times it is SFTP; at times it is not.
I am trying to close as many holes as possible.
If we hash the contents prior to FTP, email the hash to client, would this be considered a break in CoC? Or the reverse, if we receive the data with hash.
Thanks for the quick responses.
I'd hash it and sign the hash, then you know the hash wasn't tampered with.
If we send data we hash; if we receive data and it's not hashed, would the CoC be broken? Or would a CoC still be possible if it is our secure FTP site with some sort of logging mechanism?
Yes, you need to verify the file that you have received.
So, under the scenario where I receive data on our secure FTP site with no hash created by the client prior to sending to us, how would we ensure CoC?
Use FTP logs? Then create hash? Thanks.
You have to verify the integrity of that image you are passing. To do so, you would have to hash the image before it's sent. Transmit the image, and hash it when it is received. I would personally also sign (gpg,pgp) the original hash just to make sure that doesn't get tampered with also.
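The hash-before-send, hash-on-receipt check described in the replies above, as an added example that is not part of the original thread. The file name `case001.dd`, the examiner value and the manifest layout are assumptions, and the sample data is constructed; the manifest is the file that would be signed (for instance with `gpg --detach-sign`) and sent separately from the data.

```python
import hashlib, os, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    """Stream the file so multi-gigabyte images never sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(paths, examiner):
    """Sender side: record name, size and SHA-256 of each file before transfer."""
    return {
        "examiner": examiner,
        "created_utc": datetime.now(timezone.utc).isoformat(),
        "files": [{"name": os.path.basename(p), "size": os.path.getsize(p),
                   "sha256": sha256_file(p)} for p in paths],
    }

def verify_manifest(manifest, received_dir):
    """Receiver side: re-hash every listed file and report a per-file status."""
    results = {}
    for entry in manifest["files"]:
        path = os.path.join(received_dir, entry["name"])
        if not os.path.isfile(path):
            results[entry["name"]] = "MISSING"
        elif os.path.getsize(path) != entry["size"]:
            results[entry["name"]] = "SIZE_MISMATCH"
        elif sha256_file(path) != entry["sha256"]:
            results[entry["name"]] = "HASH_MISMATCH"
        else:
            results[entry["name"]] = "OK"
    return results

def demo():
    """Constructed sample: a small stand-in image, verified clean and then altered."""
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        image = Path(src) / "case001.dd"                 # hypothetical file name
        image.write_bytes(b"constructed evidence bytes" * 1000)
        manifest = build_manifest([image], examiner="examiner-placeholder")
        shutil.copy(image, dst)                          # stands in for the transfer
        clean = verify_manifest(manifest, dst)
        with open(Path(dst) / "case001.dd", "r+b") as f:
            f.write(b"X")                                # one byte changed, same size
        tampered = verify_manifest(manifest, dst)
        return clean, tampered
```

The per-file status returned by `verify_manifest` is what would be copied into the custody log alongside the transfer time and the FTP server log entry.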