Educause Security Discussion mailing list archives

Policies and Products surrounding investigation and storage


From: Gregory N Pendergast/AC/VCU <gnpendergast () VCU EDU>
Date: Mon, 6 Apr 2009 09:05:39 -0400

I am looking into both policies and products surrounding the secure
storage of computers/disks/media involved in internal investigations. If
anyone has ideas about any of the following questions, I'd appreciate
hearing from you:
1) Where/How do you store computers and other digital media that are being
examined as part of an internal investigation (policy violation, security
incident, etc)?
2) Are there any products that you would recommend? (We're initially
thinking of something that provides both secure storage and water/fire
damage protection.)
3) How long do you retain the original evidence?
4) How do you dispose of the evidence once it's beyond its retention
cycle?
5) When the collection of evidence requires the confiscation of equipment
or media from faculty or staff, who authorizes the confiscation?  What
provisions do you have for providing replacement/loaner equipment to allow
the employee to continue working?


Again, input on any or all of these is greatly appreciated.


-------------------------------------------------------
Greg Pendergast
Information Security Analyst
Virginia Commonwealth University

VCU Information Security - http://infosecurity.vcu.edu/
Information Security News, Tips & More - http://www.twitter.com/vcuinfosec

Don't be a phishing victim - VCU and other reputable organizations will
never use email to request that you reply with your password, Social
Security number or confidential personal information.  For more details
visit http://infosecurity.vcu.edu/phishing.html.

