Chain of Custody for email and archive migrations
When you move email records, you need to be able to account for every single message that was stored in your source system and what happened to each one at every step of migration. If the message is not contained in the target destination, you need to be able to explain why not, and what happened to that message. Everything must be legally defensible.
CoC records are most likely to be required retrospectively, so there is only one chance to get them right. CoC is an absolute ‘must have’ in any email or archive migration project.
What is Chain of Custody?
Chain of Custody (CoC) is about traceability and being able to demonstrate that the source hasn’t been tampered with. It’s been defined as a “process used to maintain and document the chronological history of the handling, including the transfer of ownership, of any arbitrary digital file from its creation to a final state version.”
CoC tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled it, the date/time it was collected or transferred, and the purpose for the transfer, in a legally defensible manner. With email migrations, CoC records are vital for legal defense once your old source has been decommissioned.
Quadrotech stores CoC in a clear, audited safe location, not in text log files as some competitors do.
Quadrotech’s support for CoC
Assume you have a working archive in something like Enterprise Vault (EV). Our ArchiveShuttle tool was created with CoC in mind. We keep a digital fingerprint of every item, at every stage of the process. From extraction to ingestion you can interrogate the metadata in the database to ensure there’s been no interference during migration; files in the target destination are totally reconciled against the source.
Where ArchiveShuttle differs significantly from most comparable tools is that our proprietary Advanced Ingestion Protocol (AIP) streams the migrated archive into Exchange and Office 365 fully preserved. This makes CoC much easier to validate. A number of other vendors use protocols like Exchange Web Services (EWS) for ingestion, which break the data into smaller pieces (authors, recipients, dates and other properties). EWS can’t even preserve some information – like the date the item was created – meaning there’s much more of an opportunity for information to be lost or corrupted.
Live mail and offline PSTs
The extraction, rationalization and preparation process is largely automated in our PST Flightdeck and MailboxShuttle tools, with exceptions being flagged for manual intervention. The tools record how many items could not be fixed, but in practice these file fragments are generally lost to the world. All you can tell is that they existed on the source system once. We provide reports on corrupt/unrecoverable items to customers if they want to attempt to rescue them themselves prior to decommissioning the source.
Full CoC kicks in once the original item has been repaired. At that stage you are effectively treating the exercise in a similar way to an archive migration. Because CoC can be demonstrated for usable items once they’ve been repaired – and you can demonstrate there were unusable or unrecoverable elements in the source data – your CoC compliance will still stand up to the most rigorous scrutiny.
Multiple archive sources
CoC is more complicated to monitor if you are consolidating many archives from different sources into a single repository – but then our digital fingerprinting then applies at each stage, from each source, so everything is fully reconciled.
A CoC database contains multi-millions of items. It’s your ‘single point of truth’ for what happened to the source data, so it should be kept safe and ready for interrogation. Auditors may choose to test it by looking for specific messages in the report. Legal and compliance officers may wish to do a complete analysis to make sure every message has been migrated.
Whatever migration you aim to achieve, Quadrotech’s toolset ensures your CoC will be robust, demonstrable and defensible.