Re: Case Images

[Kevin Halgren <kevin.halgren () WASHBURN EDU>]

To my knowledge, the only certain way to demonstrate chain of custody 
and maintain the integrity of the data, from a court's perspective, is 
to retain the original hard drive.  You could conceivably store them 
off-site in a secure location where chain of custody can be maintained, 
e.g. with a bank.

I wouldn't do anything without checking with your General Counsel 
first.  I'd phrase the question "How can I...?", a "Can I...?" question 
will more than likely get a "No" answer.  :)

Kevin
--

Kevin Halgren
Assistant Director - Systems and Network Services
Washburn University
(785) 670-2341
kevin.halgren () washburn edu


On 8/4/2011 11:17 AM, Mclaughlin, Kevin (mclaugkl) wrote:
> Hi Everyone:
>
> I am wondering if anyone has come across a good, secure (:)  ) and effective way to archive their HD images from internal 
> cyber investigations/ litigation hold work?  We do a fairly large amount of these each year and it is becoming cumbersome to 
> physically store the actual hard drives, not to mention it's not really cost effective to keep purchasing additional 
> drives.
>
> We do roll the cases off per our retention policy (case closed +1, +2 etc.)  but some of the cases remain active for legal 
> reasons even though we don't need to do anything with them other than store them safely.  The cases that remain open 
> with no activity required are the ones I am thinking about archiving off somewhere/somehow.
>
> Thanks in advance for any process or best practice ideas you would be willing to share,
>
> - Kevin
>
>
> Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, PMP, ITIL Master Certified
> Assistant Vice President, Information Security&  Special Projects
> University of Cincinnati
> 513-556-9177
>
> The University of Cincinnati is one of America's top public research institutions and one of the region's largest 
> employers, with a student population of more than 41,000.
>
> [cid:image001.gif@01CC529F.DDCD9FE0]