Archive Shuttle performs a number of operations in order to preserve and verify the Chain of Custody of data items during a migration. This section explains some of those which need to be taken into account in a migration.

Item level hashing

When an item is exported from a source environment. a hash is generated for that item and stored in the Archive Shuttle Item database. Sometime later, when the item is ingested, the hash is recomputed and compared with that stored value.
If the hashes do not match, a Chain of Custody violation is logged and the item will by default be re-exported and re-migrated.
If a significant number of Chain of Custody alerts are reported, it is likely that antivirus is touching the files after they have been stored on the staging area.

Migration-level hashing

As we are performing the hashing on the items as mentioned in the previous section, a hash is generated on the whole message file, in order to avoid tampering during the migration.

Watermarks

When migrating from EV to EV Archive Shuttle adds a custom index entry to migrated item. This entry contains:

  • Migration Time UTC
  • Source Archive ID
  • Source Transaction ID
  • Archive Shuttle Version

When migrating from EV to Exchange, Archive Shuttle adds the same information to each migrated item as MAPI properties.

Retained databases

Following the migration, in case of Chain of Custody queries, you may consider retaining the Archive Shuttle SQL databases.

Print Friendly, PDF & Email

2 Replies to “Preserving the Chain of Custody”

  1. Advanced Logging should not be considered CoC IMHO and we should mention backing up and retaining your DB is key to CoC. Maybe even queries to find target IDs for source IDs and vice versa. These would likely be per source and target.