Securing Your Evidence

Keeping your documentary evidence tamper proof

· TeamMacro TERSM, Risk Management, Security Management, Information Security, Richard Schneller

Collecting documentary evidence is an important aspect of security investigations. The documents need to be collated and stored in a way that is readily accessible and related to the incident involved. Typical examples are police reports, photographs of the scene, identification documents of people involved, and so on. Clearly such information is likely to be sensitive and it needs to be stored in a secure place.

While cloud computing is often pushed as the best way to operate IT, when it comes to sensitive and private information, do you trust it to the cloud? There are enough security breaches and examples of compromised systems to know that doing so would be unwise and could put an organization in legal peril. The information needs to be secured and encrypted so that it is safe even from insider attacks. It should only be accessible through the approved workflows, and then only to the users who need to know about the contents.

However, collaboration is critical, so the information does need to be easily shared. The format of the information is also highly variable: it could be standard office documents, photos in many different formats, or even video from CCTV. Staff are often most used to sharing such information via email, but this is definitely not secure and also brings with it the problems of versioning. How do you know the document sent to you is the latest and correct version, for instance the version that was reported to the authorities? This is particularly important where data protection issues are concerned. And how do you know it has not been tampered with?

TeamMacro TERSM provides a secure encrypted central repository for all information related to an incident. Typically, it is under the infrastructure control of in-house IT and protected from compromise. Documents are stored in a database rather than in a traditional file system like that of a desktop computer. Users can collate information associated with an incident by setting up an appropriate filing structure so that the documentary evidence is easy to find. This is especially important if such evidence is voluminous and if it involves cases that go on for long periods. After all, some cases can be the subject of legal action for years. If the information is to be viewed, special viewer software allows that for hundreds of formats without the document being transferred to a potentially risky local location. Of course, the information cannot be tampered with, as it could be, for example, if it were attached to an email. Uploading a document of the same name will never overwrite the existing document; rather, a new version is automatically created.