Secure Case Logging

Creating and restoring drive image files

OSForensics™ secure logging functionality allows the investigator to maintain an audit trail of the exact activities carried out during the course of the investigation for several purposes including the following:

  • Debriefing of a completed investigation
  • Auditing the activities of an investigation to determine whether proper procedures and protocols were followed
  • Educating and evaluating of investigators in training

To maintain the integrity of a case's recorded history, the log file has built-in security mechanisms for verifying whether or not it has been tampered with. The log file itself is stored in an encrypted format and can only be viewed when the case is opened within OSForensics; it cannot be viewed as-is using a text viewer like Notepad. In addition, several layers of integrity checks (ie. hash chains) are computed for each log entry that serves to verify the integrity of all previous log entries.