My lab is looking for a way to get the results of our analysis to clients in a more convenient way than burning CDs or copying our results out to an external hard drive then couriering the data to our client.
I was wondering if anybody knows of a web eDiscovery app that could handle hosting the data we find in our investigation? This way we could just have the evidence hosted so our client could view it from anywhere without the hassle of getting drives and CDs to them… How much would something like this cost?
I'm also curious how everybody else handles their productions.
Thanks for the help!
My 0.02$ on this.
Putting in ANY way sensitive data online appears to me as a possible security problem 😯 , whatever the protocol/encryption/app is used, it is a potential cause for troubles.
Of course the image/data can be stolen from the courier or lost, but it is a much unlikely event to occur, even if we recently had the example of the UK mess
http//
wink
jaclaz
I have to side with jaclaz on this one - I'm not sure that it is such a good idea. Legal issues aside …
However, having said that, Autopsy ( http//
If you wanted to persist with this idea, I would suggest
(1) Each case is held on it's own machine ( virtual machines would be an option as they can be configured to restrict access - available for free under Linux )
(2) Very strong firewall rules are in place to restrict access to a limited set of IPs. ( If Linux - could be free )
(3) VPN technology would be used to encrypt traffic between server and end-point. ( Could be free - OpenSWAN for example )
(4) Multifactor authentication would be good. ( Never free 😉 )
(5) Regular PenTest/Vulnerability assessment to keep security as high as possible. ( Absolutely never free for PenTest - nessus for vuln. assessment free )
… where I say free, I mean no cost of software, implementation takes effort, effort = money …
I think that the cost/effort involved in implementation would almost certainly outweigh any cost/effort savings on distribution.
We use CryptCD if sending media on CD. It is far better than an unencrypted CD in the mail. It allows you to password protect the CD, basically auto-running an application that in turn decrypts a single data file containing all your information.
We use an Extranet for cases that involve back-and-forth activity, that is, where we are presenting information/evidence but also receiving information from lawyers, PI's , etc. We use a straight-forward DMZ approach behind a Nokia Checkpoint firewall. We serve up the information on a SharePoint server, with another server as a database (the database server has its own DMZ). As a presentation and collaboration tool, SharePoint is great. I've got an extensive IT background and have to admit I've not seen a better tool for litigation support (hosting evidence, reports, etc.). It allows granular permissions and expiries, etc.
As an aside, we have recently started using MS OneNote for case management (its a pilot at this point). It feeds well into many other MS products including SharePoint.
Thanks for the inputs on my idea. I can see the security issues with this approach. That will definitely be an issue that will need to be sufficiently addressed before doing this.
Thanks again.
Give the items to them in person.
Even my out of state clients will foot the bill for a trip to hand over findings in person as opposed to the mail.
If you must mail it, Fed Ex provides the best level of service and confirmation every step of the way through email or to your phone.