Does anyone use specific software to store/check-in/check-out evidence? In the physical world, a safe combined with stringent procedures, chain of custody and logs seems to work well. But what are the best practices for digital evidence? Specifically
1. What software do you use (if any)? Any open source software?
2. Do you store the original images only? aWork in progress? Notes?
3. How long do you store the evidence?
4. Do you have written policies/procedures you can share?
I often read things like "check this into your digital evidence vault" but I have yet to come across examples of such software. I currently only use OSS so perhaps EnCase and others have this built-in. Thanks.
We keep digital evidence in a vault. I guess safe is a more appropriate term as a vault is more of a walk in thing.
I wish we could take over one of the closed bank branches that are on the market. Then we could have a vault.
Thanks for the reply. However, I was not very clear in my question.
What I was asking is how you handle the actual digital files (i.e. dd images) on, say, a SAN. Do you just copy files to a folder? Or do you "upload" the file to a software application that stores it on the SAN and then has various auditing, access controls, check-in/check-out, etc. features. Thanks.
I've never actually seen a "digital vault". I think the closest you'd get is some form of document management system.
We use Tivoli TSM for "vault" storage. All of our images end up in this vault after cases are finalized.
The files are re-validated
PGP encrypted
Tarballed
and uploaded to a dedicated node.
We're currently exploring imaging directly to this vault.