1 hour 4 minutes
in this lesson, we'll talk about the importance of backing up case data
timeframes for data backup,
incremental versus full verses, differential backups
and storage media and requirements such as tape versus disk.
Besides creating backups, what is required for a successful backup strategy?
Testing backups A backup strategy is incomplete if backups are not successfully tested by ensuring they can be successfully restored.
As with data retention, taking and testing regular backups off case data and evidence is an essential part off enterprise security case management.
If any case related data is deleted or becomes corrupt, having a successful backup which is capable off restoration might read the difference between a case being successful or not.
There are obviously several ways to back up case data, including both commercial and open source solutions.
Which of a solution you choose to utilise? It must be able to take regular, consistent copies of data while maintaining the integrity off data being backed up.
Depending on the type of data, backups should be created daily, weekly, monthly
or on a longer timescale to ensure that if data must be restored, it is consistent and any and all work or changes made to a case are correctly reflected.
full backups are taken weekly, and, as the name suggests, they take a full backup off all the relevant data.
Whether that's the contents off a specific case folder or an entire medium,
full backups are also taken when major changes occur.
Differential backups, also aptly named,
create a backup of all the files, which have changed since the most recent full backup.
This type of backup is usually used for more frequent backups.
For example, if only full backups are being taken, and each is created on a Sunday if a system dies on Wednesday.
All of the work between Sunday and Wednesday has been lost,
with a differential backup being taken daily.
All of that work and those changes are captured in the differential backups.
The drawback off a differential backup strategy is that it takes up a lot of storage space.
The backup on Tuesday captures the changes since Monday,
but also the changes, which were captured in the Monday differential.
The benefit of differential backups is that you only need to restore to backups in the event of a system failure.
The most recent full backup
and the most recent differential.
In contrast, incremental backups only back up the changes made since the most recent backup off any kind.
Therefore, these types of backups are smaller than differential backups. However, in the event of a system failure, you would need to restore the most recent full backup
and all of the incremental backups. Since that full backup was created.
Your backup strategy will be bespoke
and will need to be defined with your organization's needs in mind.
Try to create a strategy which will allow you to recover as much relevant data as possible in the least amount of time.
However, also be sure to consider the amount of storage required. And don't forget to regularly test restore your backups to ensure they can actually be restored.
There are few things worse than trying to restore valuable data,
only to find your backups a corrupt.
it's necessary to understand which type of storage media is best for your backups. For example, backups, which will be used for long term storage should most likely be sent to tape, media and stored offsite. The issue with tape is speed
tape media. I usually very slow and restoring from type can take a very long time.
The benefit of type is that they are less volatile and less prone to errors than other types of medium, such as spinning hard disks.
If time is of the essence when restoring data, it would be best to consider some type of hard disk, whether it be traditional spinning disc, more, more in SS days or some kind of enterprise grade SAS drives,
regardless of the type of media, make sure that you choose a solution with enough storage for your security teams needs.
What are the three times of backups?
Full differential and incremental the three types of backups?
In this lesson, we covered
the importance of backing up case data
timeframes four data backup,
incremental versus full versus differential backups as well as storage media and requirements.
Enterprise Security Case Management
In this online course about Enterprise Security Case Management, you will learn about tools and techniques which help cybersecurity practitioners manage evidence and related case data to preserve their integrity.