1 hour 34 minutes
in this lesson, we'll talk about why data destruction processes are required,
how to securely raise case data and evidence
and when to raise that case, data or evidence.
Why should case data be destroyed?
K. State or evidence should be destroyed to prevent data loss, leakage or theft.
One section off the died of retention policy we just discussed must be about data destruction.
Once an enterprise security case has been finalized and it is determined that the data are no longer required, the data should be destroyed to prevent evidence being leaked, lost or stolen.
There are several ways to securely wiped case data and evidence when they are no longer required.
There are various commercial tools available, such as a razor, which can be used to securely erase individual files, specific partitions or entire drives, depending on the needs of the analysts. Most operating systems have utilities built in which can perform similar functions, overrunning data with strings or zeroes or randomized data
to prevent information from being recovered.
Windows has cipher, which will have raised media in three passes. OS X and Lennox have D D, a utility which is used to copy data but which can also be repurposed to securely wiped media
similar to retaining data. There may be local laws or regulations which determine when and how case data and evidence are allowed to be securely wiped or destroyed.
Keep this in mind when creating your data retention policy and consult a lawyer or law enforcement official. When in doubt
accepting special legal requirements. A good rule of thumb for destruction of case data is to specify a retention period, which is reasonable for your organization or use case, such as 30 or 90 days.
And to them perform, which have a secure eraser method. Best Susie organization.
This method should be the same in all cases, and each team member should be trained to perform the same method as a standard. Issues can arise when different methods are used in different situations or by different members off the same team.
When can case day to be destroyed
when legal says it is no longer required and in accordance with regulatory requirements
In this lesson, we covered why data destruction processes I required
how to securely erase case data
and when do we raise case data and evidence