Chain of custody

rslade · ‎12-06-2019

Chain of custody is vitally important ...

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

CraginS · ‎12-06-2019

@rslade wrote:
Chain of custody is vitally important ...

Pick your strongest chain

Chain 1

Chain 2

Chain 3

Chain 4

Craig

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts

Caute_cautim · ‎12-06-2019

@CraginSA good sense of health humour

@rsladeRemove the human factor, an excellent starting place for Augmented Intelligence, Audit, and removal of emotions; and human error.

Regards

Caute_cautim

rslade · ‎12-07-2019

@CraginS wrote:
Pick your strongest chain

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

Caute_cautim · ‎12-07-2019

@rslade @CraginS Either we are a bunch of cynics or basically no matter what is put forward there is always a weak chain - eliminating that weak point, often is overlooked.

A New Zealand example which occurred this week is included:

https://crux.org.nz/community/12-hour-cellinternet-meltdown-severe-civil-defence-implications/?fbcli...

Yet technology marches on regardless.

Regards

Caute_cautim

CraginS · ‎12-08-2019

@Caute_cautim wrote:
@rsladeRemove the human factor, an excellent starting place for Augmented Intelligence, Audit, and removal of emotions; and human error.

John,

I'm afraid absolutely none of those suggestions can help with a chain of custody requirement, which is what Rob's post refers to.

Chain of custody is a legal requirement to ensure objects or information with potential use as evidence in court have been verified as protected from tampering while in the custody of legal authorities. There will always be a human factor in maintaining a verifiable record of custodian and storage. The issue of chain of custody is even tricker when applied to data systems, because the requirement must apply to both the physical hardware and to the data at issue. It is for this reason that forensic analysis of data starts with creating an exact mirror of the data on the system of interest, and all forensic analysis software is applied to that mirror, not to the original source system; the very act of applying forensic analysis software to the data would be a form of tampering in the eyes of the court, making the original evidence potentially invalid for use in a hearing or trial.

Your further comments appear to address broader aspects of cybersecurity planning beyond the specific legal requirements of the original post. You make the key point that support may continued promotion fo using a systems engineering approach to security, always considering all parts of the complete system, including people, process, and tools. We can never fully eliminate the human factor. However, by always recognizing it, we can sometimes use tools (computer systems) and processes (such as AI) to overcome weaknesses introduced by having people as part of a the system. Maybe we should branch off to the broader planning topic in a new thread?

Best regards,

Craig

complete system.

SHould we branch this topic to a

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts

rslade · ‎12-09-2019

Since this has engendered some discussion, I will post my chain of custody/chain of
evidence story.

At one point, a car rental company decided to try and get me to pay for some pre-
existing damage on one of their cars that I had rented. I was facing some pretty
steep bills over it. I had been discussing it with them, and, purely because it was
part of a travel expense, kept a copy of the damage report from when I had
rented the car. In one phone conversation, one of their people mentioned an
annotation on the damage report that didn't appear on my copy, demonstrating
that they had altered the report subsequent to the rental.

I never heard another thing from them.

(After that experience, I got *very* careful about doing the damage reports, and
definitely kep all of them for some time after ...)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
A common fallacy is that authors of incomprehensible code will
somehow be able to express themselves clearly in comments.
- Kevlin Henney
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

denbesten · ‎12-10-2019

@rslade wrote:
(After that experience, I got *very* careful about doing the damage reports, and
definitely keep all of them for some time after ...)

When taking and returning the vehicle, I have gotten in the habit of additionally taking about a dozen pictures on my phone, which time/location stamps and uploads to the cloud. And, I generally try to include "their" employee in at least one of pic.

Kinda annoys the employees, probably because I am slowing the line, but I figure that pictures are more convincing to a judge than a few scribbles on a line drawing of a car.

P.S. I also did the same thing on the only lease I ever turned in.