Veritas-bu

[Veritas-bu] scratch pool compliance

2007-05-15 11:52:52
Subject: [Veritas-bu] scratch pool compliance
From: ddunham at taos.com (Darren Dunham)
Date: Tue, 15 May 2007 08:52:52 -0700 (PDT)
> The issue is if during a legal case someone asks for all data
> pertinent to a mail server if I would have to produce tapes previously
> expired.   This would be very easy to recover the data with an import.
> I think the legal fear is that you *have* to provide the expired tapes
> or the data on them to be compliant.  Trashing the header with bplabel
> might make sense but still would be very easy to recover with dd and
> tar (I would think).

'dd' and 'tar' are not sufficient.  In general you will need specialized
hardware.  Writing to any spot on a tape makes all data after that point
inaccessible without some magic.  So simply writing to the header erases
all the data on the tape to a first approximation.

> I think what I'll end up doing is querying the scratch pool for tapes
> older than X dates and moving them into another pool which gets full
> erased and thrown back in the scratch pool if needed.  I am also very
> curious if anyone else has had similar discussions with their legal
> departments on such issues.

> Is it enough to say that once the image expires it's not reasonably
> sane to ask for the data?

No.  You probably want to speak with your legal department or someone
with that knowledge in the company.  I did some 'post-incident'
discovery work a couple of years ago.  This was just the company doing
it on their own (no trial was yet occurring).  Talking about the policies
in place at the time was just a first step.  I investigated how likely
it was that the policies were being followed, what discrepancies could
be found, and what chances we had of being able to recover additional
data through various scenarios (looking for scratch tapes and trying
imports, looking for undiscarded tapes in a cabinet somewhere, hiring
recovery houses for data reconstruction).

Because this was just the company doing their own investigation, we
didn't go to the step of doing any recovery house work because of the
expense and our assessment that the chances of getting relevant data
were very low.  But it was obvious that this avenue was open if
necessary.

-- 
Darren Dunham                                           ddunham at taos.com
Senior Technical Consultant         TAOS            http://www.taos.com/
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >