Question
What are the benefits and possible issues of different evidence staging methodologies.
Answer
The two primary methodologies for staging (storing) evidence are to either keep all evidence, for all projects, together in a location separate from the project/case folders, or to store the evidence for each project within their respective project's folders. Users should weigh the pros and cons of these methodologies to help in forming their Standard Operating Procedures. Regardless of the selected process, project folders and evidence should be stored in a location that is always accessible by the software, and should not be moved.
Storing Evidence Separately from Project Folders
Pros:
- All evidence is in a central location.
- Users do not need direct access to the project folders.
- The same evidence can be easily used in multiple projects.
- Case backups made from DBConfig or FTK are smaller as they do not contain the evidence.
- Evidence is not deleted when a project is deleted (may also be a "Con" depending on the user's other SOP requirements).
Cons:
- Evidence may need to be moved separately when restoring cases to new environments.
Storing Evidence Within Project Folders
Pros:
- Evidence is located with the projects that they pertain to, which may lead to it being easier to find.
- Case backups made from DBConfig or FTK contain the evidence, simplifying restoring the backups to other environments.
Cons:
- Users need full access to project folders.
- Finding/storing evidence may lead to accidental manipulation of project folder data.
- Multiple projects utilizing the same evidence may result in duplicate copies of the evidence.
- Case backups made from DBConfig or FTK are much bigger.
- Deleting a project also deletes its associated evidence (may also be a "Pro" depending on the user's other SOP requirements).
- Project folder storage may run out of space faster, resulting in processing issues.