Archive Shuttle performs a number of operations in order to preserve and verify the Chain of Custody of data items during a migration. This section explains some of those which need to be taken into account in a migration.
Item level hashing
When an item is exported from a source environment. a hash is generated for that item and stored in the Archive Shuttle Item database. Sometime later, when the item is ingested, the hash is recomputed and compared with that stored value.
If the hashes do not match, a Chain of Custody violation is logged and the item will by default be re-exported and re-migrated.
If a significant number of Chain of Custody alerts are reported, it is likely that antivirus is touching the files after they have been stored on the staging area.
As we are performing the hashing on the items as mentioned in the previous section, a hash is generated on the whole message file, in order to avoid tampering during the migration.
When migrating from EV to EV Archive Shuttle adds a custom index entry to migrated item. This entry contains:
- Migration Time UTC
- Source Archive ID
- Source Transaction ID
- Archive Shuttle Version
When migrating from EV to Exchange, Archive Shuttle adds the same information to each migrated item as MAPI properties.
Following the migration, in case of Chain of Custody queries, you may consider retaining the Archive Shuttle SQL databases.