dChan
Anonymous ID: b7b46d Sept. 2, 2020, 6:03 p.m. No.10509714   🗄️.is 🔗kun   >>9787 >>9911 >>9988 >>9990 >>0049

>>10503446 (Q

>https://www.fbi.gov/services/information-management/foipa/privacy-impact-assessments/sentinel

>Files do not go 'missing' unless 7th floor direct involvement.

>Follow the logs.

>Q

 

Sentinal and Data Integrity

Audit logs are extremely important since they ensure data remains complete, accurate, and reliable.

 

Based on the Sentinal documentation, it would be extremely difficult to delete documents without leaving an audit log trail and it would be even more difficult to alter or delete audit logs.

 

Sentinal follows the security guidelines laid out by the National Institute of Standards and Technology (NIST). This is spelled out in Section 6.1 of the Sentinal documentation. It says the system will:

-Log all Operating System, Database and Get/Put logs.

-Send audit logs to the Enterprise Security Operations Center for daily monitoring of potential system misuse.

-General users cannot view, change, or delete the audit logs.

 

The relevant NIST publication for secure log management is in NIST Special Publication 800-92. This means:

-Users should not be able to rename or delete logs.

-Archived log files are protected so they can’t be later altered.

 

https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf

 

TL;DR

-If someone deleted documents in Sentinal, there is an audit log of exactly who deleted what.

-If someone deleted or altered audit log files, the entire system is not secure and any case could be called into question due to potential data tampering. This would open a huge can of worms for thousands of FBI cases.