|
|
|
|
| |
|
PATC Forensic Technology
Privacy & Discretion Policy
|
|
The following guidelines outline the policies and procedures inacted by PATC Forensic Technology (hereafter "PATCtech"), including parent company Public Agency Training Council and all subsidiaries, in regards to the handling of third party information obtained through digital forensic examinations as well all other forms of communication occuring at any point of a business relationship with clients or potential clients.
~Security of client data (or cloned data)
Handling of results/findings from Digital Forensic examinations:
PATCtech operates with absolute discretion whenever and wherever possible with all of our clients. Our priority is to protect the privacy of the client, and the information/data they have entrusted us with. Unless we are under legal due process, we shall not reveal anything to anyone without express written consent of the client by their primary contact and legal representative. We allocate written contracts for service to protect your interest and ours in these matters.
Employee's of PATCtech are obligated to report to law enforcement authorities any detected and confirmed felony crime of violence, other felony, or physical crime against another person, any sexual crime, and most importantly any crime against a child - including but not limited to, child pornography. We also have the ability to be present with any client who wishes to report their own evidence of a crime, and assist them in an expeditious and professional reporting effort.
Discretion and confidentiality are our top priority.
Digital Security - Forensic Examinations:
- All Client devices and/or data in the possession of PATCtech for the purpose of forensic examinations are disconnected from the Internet, or other network appliances thereby eliminating all electronic threats of data corruption and/or theft from external sources.
- Data on client devices is prohibited from perminant transfer or copying to any PATCtech device used as part of the examination with the use of write blocking equipment.
- Reports of findings for Digital Forensic cases are stored in an encrypted, non-shared, non-network accessible database apart from any other administrative or business data.
- All PATCtech devices used for temporary storage of a client's data to be examined are put through a Certified Data Wiping process. This process eliminates the possiblility of data from past cases merging with (or otherwise being included with) data being examined for the current working case.
Digital Security - Data Services:
Security procedures for certain Data Services intrinsically differ from those allocated with a Digital Forensic Service, specifically when the Data Service utilized includes one of the following components: data storage and backup, data archiving, and data and network monitoring.
The following Data Service procedures pertain to all Data Services conducted by PATCtech, or all associated partners of the PATCtech Affiliate Network (hereafter, "PATCnet"), when contracted through PATCtech.
- All devices and procedures that are utilized for storing client data as part of a Data Service through PATCtech or PATCnet exceed industry standards for data security.
- Access to any client data stored or archived, either temporarily or permanently, by PATCtech or any member of PATCnet, will be governed by the contract between PATCtech or the associated PATCnet agent. Agents contracting under the umbrella of the PATCnet must maintain strict compliance with security measures outlined within the individual contracts in order to maintain their affiliation with PATCtech. PATCtech allocates internal monitoring of Data Services contracted through PATCnet in order to maintain the highest standards of security, quality and professionalism when handling client data.
Physical Security and Chain of Custody - Forensic Examinations:
Storage of devices containing client data to be examined or in the process of being examined for a Digital Forensic case are located in a facility with multiple levels of physical security - each level of physical security is designed to ensure data integrity and exact internal chain of custody.
Physical Security Controls include:
- Access to labarotory facilities for storage and examination of devices includes passing through multiple keyed locks as well as card identification access that logs all entries into the lab.
- As a redundanct control of the card identification access procedure, labarotory activity is additionally under logged and archived video surveillance of all activity within the room.
- Labarotory facilities are temperature controlled to ensure the efficiency of computing power.
|
|
|
|
| |
|
|
|
| |
|
|
| |
"93-96 percent of all information is created electronically "
("Electronic Evidence and Discovery Handbook" - American Bar Association)
|
|
| |
|
|
| |
"More than 60% of organizations have been ordered by a court or regulatory body to produce corporate e-mail."
("according to Osterman Research Inc. in Black Diamond, WA)
|
|
| |
|
|
| |
"From essentially zero, we've passed a watershed of more than 3.3 billion active cell phones on a planet of 6.6 billion humans in about 26 years. This is the fastest global diffusion of any technology in human history - faster even than the polio vaccine!"
("Our Cells, Ourselves" Joel Garreau, Washington Post, February 24, 2008)
|
|
|
