Media Forensics File and Data Transfer Options
With any of the following file transfer arrangements, if you have concerns about the security of your files, you can use a variety of freely available software packages to encrypt the files prior to forwarding them. You can then advise Media Forensics of the decryption key or password via another means i.e. separate email, SMS, or phone call.
As with any potentially crucial evidence, always keep the original secure and unedited. Make a duplicate working copy to forward to Media Forensics for any services required. Media Forensics will assist you with instructions on any steps necessary to ensure a reliable and forensically suitable working copy is made.
Email Attachments
Forwarding a file or files via an email attachment is the quickest and simplest method.
An email attachment however, will reset the attached file’s external system date and time stamps. This may impact on any related timeline analysis and file provenance. You may need to provide screen shots of the file’s properties prior to sending, to show the original external timestamps. To avoid the attachment file date and time reset, Zip the file or files then attach the Zip file. The files within the Zip container will retain their original date and time stamps.
The maximum file and attachment size being forwarded to Media Forensics must be within the size limits set by both the send and receive Internet Service Providers (ISP). Size limits on attachments and total email file size could range from 10MB to 50MB. If an email with attachment is rejected due to size, then a cloud based transfer is suggested.
Zip and Encrypt files with Password
Compressing a file or folder using 7-Zip or WinZip etc. prior to attaching and sending will preserve the date and time stamps which may provide critical information. Compressing the attachment also offers the ability to password protect (encrypt) the file prior to sending. Using 7-Zip archive with a password (provided to Media Forensics by another means), will both preserve the timestamp and offer a high degree of security and privacy.
To encrypt and compress one or more files using 7-Zip, select the folder or files and right click and select the 7-Zip “Add to Archive” option, provide an appropriate file name, accept defaults and enter / re-enter a suitable password required to decrypt and open the archive zip file.
Attach the archived zip file to an email to Media Forensics. Advise Media Forensics via other means (phone call, SMS or another email) of the password needed to open the zip file attachment.
Dropbox, OneDrive, Google Drive, iCloud (or similar cloud transfer)
Uploading and/or downloading files via a secure shared online (cloud) folder is a very easy and quick method of large file transfers. These cloud providers offer very strong encryption while uploading, downloading and at rest (on the cloud based servers).
However, most cloud providers control and manage the encryption from their end and so have access to view your data on the cloud based servers. It is not end to end encryption. Some providers may sell or provide information to 3rd parties. To avoid this, all data should be encrypted prior to uploading (see 7-Zip archiving). This will require the decryption password to be provided to the downloader.
When a selection of files and / or folders are uploaded to Dropbox, there are two options for providing download access to other users.
The folder or files can be selected and one or more “share” email addresses can be added. The email addressees will receive an email from Dropbox with the link to access the shared folder or files. The recipient will be required to have Dropbox installed on their system in order to access the data via their email name. No other user can access the data.
Alternatively, a Dropbox “link” can be created for the folder or files. The generated link is then copied into an email to the desired recipient(s). However, anyone who then receives or accesses the email (CC’d or forwarded addressee) with the link can also access the Dropbox folder or files and download the data.
Very large files can be slow to upload depending upon your internet speeds and congestion on the network and may take several hours to complete. Please ensure the upload/download has completed before accessing or attempting to move the files.
Like email attachments, sensitive and confidential files should be compressed with 7-Zip Archive and encrypted with a password prior to uploading if you have concerns about security.
Please call for further information or assistance with compression and/or encryption.
Postal service or Courier
This is the simplest method, but also the slowest, the least secure and most prone to damage or loss.
It is highly recommended to use Registered Mail to track your package when sending your CD/DVD Disc, USB device or Hard Drive to Media Forensics. Sending original material via postal services is definitely not recommended in case of damaged, lost, stolen or undelivered mail. We can advise and assist in the best way of producing a copy of the file so that it will not impact on the media’s metadata or safe handling.
It is not recommended to post or courier Hard Disk Drives with spinning platters. Any rough handling is likely to cause the heads to dislodge and move about and across the platters, resulting in potentially unrecoverable and unusable media. A well packaged SSD Hard Drive or USB stick i.e. no moving parts, is suitable for posting.
FTP (File Transfer Protocol)
FTP is not recommended as a method of transferring/copying files from one computer to another across the internet unless Secure FTP is utilised with either TLS 1.2 or TLS 1.3. Data sent in the clear can be compromised. If required, Media Forensics can arrange for an FTP account log-in on our own FTP Server and can assist you in setting up a secure FTP connection.
FTPS (FTP over SSL/TLS) data transfer does provide end to end encryption. It does however, involve a small degree of complexity and is better suited to organisations with IT support staff that can assist with the configuration. Any form of FTP file transfer does involve the opening of ports on firewalls, which is inherently unsafe and should be managed carefully. FTP ports should only be opened when needed and then imediately closed on completion of the data transfer.
VPN (Virtual Private Network)
Media Forensics can arrange an encrypted Virtual Private Network (VPN) to provide an end to end connection point to point pathway for file transfer, and an FTP account log-in to run over the VPN connection on your request. This is the most secure file transfer method, but is also the most complex to undertake and more suited to organisations with appropriately skilled IT support staff.