Time
1 hour 34 minutes
Difficulty
Advanced
CEU/CPE
1

Video Transcription

00:00
in this lesson, we'll talk about why data destruction processes are required,
00:04
how to securely raise case data and evidence
00:07
and when to raise that case, data or evidence.
00:11
Why should case data be destroyed?
00:16
K. State or evidence should be destroyed to prevent data loss, leakage or theft.
00:21
One section off the died of retention policy we just discussed must be about data destruction.
00:26
Once an enterprise security case has been finalized and it is determined that the data are no longer required, the data should be destroyed to prevent evidence being leaked, lost or stolen.
00:37
There are several ways to securely wiped case data and evidence when they are no longer required.
00:43
There are various commercial tools available, such as a razor, which can be used to securely erase individual files, specific partitions or entire drives, depending on the needs of the analysts. Most operating systems have utilities built in which can perform similar functions, overrunning data with strings or zeroes or randomized data
01:03
to prevent information from being recovered.
01:04
Windows has cipher, which will have raised media in three passes. OS X and Lennox have D D, a utility which is used to copy data but which can also be repurposed to securely wiped media
01:17
similar to retaining data. There may be local laws or regulations which determine when and how case data and evidence are allowed to be securely wiped or destroyed.
01:26
Keep this in mind when creating your data retention policy and consult a lawyer or law enforcement official. When in doubt
01:33
accepting special legal requirements. A good rule of thumb for destruction of case data is to specify a retention period, which is reasonable for your organization or use case, such as 30 or 90 days.
01:45
And to them perform, which have a secure eraser method. Best Susie organization.
01:49
This method should be the same in all cases, and each team member should be trained to perform the same method as a standard. Issues can arise when different methods are used in different situations or by different members off the same team.
02:02
When can case day to be destroyed
02:07
when legal says it is no longer required and in accordance with regulatory requirements
02:13
In this lesson, we covered why data destruction processes I required
02:16
how to securely erase case data
02:20
and when do we raise case data and evidence

Up Next

Enterprise Security Case Management

In this online course about Enterprise Security Case Management, you will learn about tools and techniques which help cybersecurity practitioners manage evidence and related case data to preserve their integrity.

Instructed By

Instructor Profile Image
Seth Enoka
Consultant
Instructor