The mSIS Case Bundle: Reporting & Audit
EVIDENTIAL REPORT COMPLIANCE
When using mSIS, all of the digital evidence that is gathered during an investigation is saved within the mSIS Case Bundle.
AUDIT TRAIL & FILE HASHES
During an investigation, every action taken, search string deployed and web page visited is recorded and time-stamped to create an Audit Trail. Screenshot captures of webpages are saved with a time-stamp to the Audit Trail. All recording to the Audit Trail is automatic and the Audit Trail is read-only providing the user with the highest confidence level of the research performed by the investigator.
Every file receives a unique hash SHA-256 value. Anyone accessing an Evidential Report may easily reference the Audit Trail and the corresponding hash file, allowing for quick verification of the evidence capture process.
Each modification acquires a new hash value, so that any attempt to modify or remove incriminating data shall be exposed by the different hash value. A hashes comparison feature quickly reveals any modification or deletion within the case bundle.
The Audit Trail and hash values are saved in the case bundle as files, within their own folders, providing Evidential Reports with high confidence of integrity.
In the disclosure process, the defence council may consult the Audit Trail and Hashes files to verify the evidence.