Overview

Forensic best practice dictates that the specific versions of software used by a forensic practitioner during an examination should be identified in any contemporaneous notes (and final report).  These specific software versions should also be stored so that at a later date, the exact version can be reinstalled to replicate a specific process.  We would also go as far as suggesting that all software used for forensic purposes should be signed with an Authenticode digital certificate.
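
One way to capture that record on a Windows examination workstation, as an added example (not from the original page and not part of Blade): the PowerShell script below records the file version, SHA-256 hash and Authenticode signature status of each tool binary so the result can be attached to the contemporaneous notes. The tool path and output file name are placeholders.

```powershell
# Added example: inventory of forensic tool binaries for contemporaneous notes.
# The default tool path and output file name are hypothetical placeholders.
param(
    [string[]]$ToolPaths = @('C:\Tools\ExampleTool\ExampleTool.exe'),
    [string]$OutFile = '.\tool-inventory.csv'
)

$records = foreach ($path in $ToolPaths) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "Not found, not recorded: $path"
        continue
    }

    $file = Get-Item -LiteralPath $path
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256

    [pscustomobject]@{
        RecordedUtc      = (Get-Date).ToUniversalTime().ToString('o')
        Path             = $file.FullName
        ProductName      = $file.VersionInfo.ProductName
        FileVersion      = $file.VersionInfo.FileVersion
        SHA256           = $hash.Hash
        # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SignerThumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
        # A countersigned timestamp keeps the signature verifiable after the
        # signing certificate expires, which matters when a stored installer
        # is reinstalled years later to replicate a process.
        Timestamped      = [bool]$sig.TimeStamperCertificate
    }
}

# Flag anything unsigned or failing verification so it is noted explicitly.
$records | Where-Object { $_.SignatureStatus -ne 'Valid' } | ForEach-Object {
    Write-Warning "Signature status '$($_.SignatureStatus)' for $($_.Path)"
}

$records | Export-Csv -LiteralPath $OutFile -NoTypeInformation
$records | Format-List
```

Running the same script against the archived installer before reinstalling it lets the SHA-256 and signer thumbprint be compared with the values recorded at the time of the original examination.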

One of the major problems with using scripted data recovery in a forensic environment is version control and traceability.  Blade now has a Recovery Profile Versioning System which allows the forensic examiner to prove the recovery profile settings used to recover evidence in a case (and to replicate if necessary).  This information is written to an audit log which details the settings at the time of recovery.  Any changes to a recovery profile are both time and version stamped.  The recovery profiles can also be exported and stored if desired.

Blade Version Management System

When Recovery Profiles are created in Blade, version information is automatically created and saved within the profile.  Figure 1 below shows the Author and Version Stamp highlighted.  A last modification date/time stamp is also stored.

Figure 1

The Major and Minor version numbers can be altered by the user to reflect any major or minor changes to the recovery profile.  If left unchanged, the Minor value will automatically increase when changes are made and saved.  The Build portion of the number cannot be edited by the user and reflects the year (10 in this case) and day of year (61 in this case) when the profile was last updated.