Interesting information for those in the legal, ediscovery, and digital forensics fields.

The Perils of Chain of Custody in the Increasingly Sophisticated World of Connected Devices

Written by Brendan Sullivan


For the legal discovery world, the functions of asset tracking and chain of custody are becoming increasingly intertwined, but these two functions can hide the real asset and the real risk of spoliation. I’m not talking about the physical asset, I’m talking about the data of course. Chain of Custody is not a recent practice, in fact, it has been around since the early 20th Century when the police and law enforcement needed a systematic approach to maintain the integrity of evidence from the time it was collected to when it was presented in court.

In terms of basic requirement, not a great deal has changed in the last 100 years or so. There is still a fundamental need to preserve, seal, identify and track the asset throughout its lifecycle. Historically, this has predominantly been achieved through a chain of custody document that formally transferred custodianship from one individual to another. However, in today’s connected world, this process is becoming far more complex – and the risk of spoliation has increased significantly as a result.

In the earlier days of IT, whether dealing with computers or backup media, asset identification was relatively straight forward. Once a device or media was air-gapped (disconnected from the internet) the preservation largely took care of itself. I would always say that a backup tape holds a perfect piece of forensically sound evidence because it did not require any kind of forensic image creation. Instead, it is always a snapshot of data at a moment in time, and, critically, segments of data or metadata cannot be altered without rewriting the whole media as data cannot be appended on a tape – integrity was inherent to the medium.

Computers were also relatively easy to manage from a chain of custody perspective, though they carried greater spoliation risk if the imaging was delayed or improperly performed. Even then, ownership of the data itself could be ambiguous, depending on how IT administrators assigned or reassigned devices. It was not uncommon for computers to be passed from one individual to another, blurring the line between physical custody and data ownership. But the technical risks were still far more contained than they are today.

Modern devices can materially change state simply by being powered on, unlocked or moved between network environments. Devices may remain accessible to users, administrators, employers, company managed platforms or cloud services even after physical possession has transferred, hence creating hidden vectors for spoliation outside of the  examiner’s control.

Now, with smartphones, tablets and modern laptops there are significantly more considerations and precautions required. Location and movement have become integral components of the chain of custody, necessitating active tracking rather than passive documentation and sealed containers. If devices are or remain powered on, automatic backups or OS updates can run and modify file level metadata while a device is under the physical control of a custodian who has technically “taken custody”. Additional changes may also be triggered such as inadvertent or momentary connections to the outside world, as well as routine system background maintenance, which can result in the overwriting or purging of artifacts and log files.

Data associated with a physical device may be distributed across multiple cloud services and accounts – think about a laptop or cell phone and the data that is typically accessed on each: Google Drive, iCloud Photos, OneDrive, Yahoo mail, Gmail, Microsoft mail, CRM platforms, social media accounts, etc. It could be argued that chain of custody must extend beyond the hardware to include associated cloud repositories and artifacts.

Encryption is also a key consideration to be aware of. Early encryption methodologies were mostly gatekeeper type technology where the correctly entered passphrase or PIN gave access to the entire active user space. More recent encryption operates very differently. Now, the passphrase or PIN often encrypts at the OS level, and without decryption, often enforced with AES 256, the data is effectively inaccessible or unrecoverable without the correct codes.

It is this modern, privacy-driven application of encryption that is increasingly disrupting traditional chain of custody and asset tracking processes, and is starting to have an effect on both inadvertent and intentional spoliation. The challenges arise from a combination of strong encryption, multi factor authentication (MFA), employer controlled mobile device management (MDM), and the extensive capabilities retained by individual users through applications, both user-installed from third party providers and native to the device itself. As a result, long standing practices such as the custodian bringing their device to a law firm or leaving it in an office to await collection by a forensic examiner can be inherently problematic. During this interim period, the device may continue to change state in ways that are difficult to detect, document or later defend. The longer this interim period persists, the greater the accumulation of undocumented changes, compounding both evidentiary risk and defensibility concerns.

Let’s examine some potential pitfalls that can result in data spoliation:

  • Biometric locks, rotating credentials and passcode retry limits introduce time-sensitive risks that can affect evidentiary access or trigger data protection mechanisms such as automatic factory resets, if mishandled. These can result in permanent data destruction, and hence, serious spoliation problems.
  • A user’s old personal Windows laptop is received, and it is encrypted with BitLocker. Due to privacy constraints, a full forensic image of the device is not permitted. Instead, only a targeted logical acquisition of specific data is authorized. The laptop has not been powered on by the user for an extended time as they are using a new device. To perform the acquisition, the forensic examiner powers on the device and, once the device boots into Windows, the user’s password is entered permitting the examiner to gain access to the user’s Windows profile, and the specific folder that requires preservation. Due to the considerable time that had passed since the laptop was last powered on, automatic system updates and background processes are triggered, resulting in the modification of file and system level metadata. While such changes may be explainable, they are nonetheless undesirable and introduce avoidable spoliation risk and an accompanying story of why it happened.
  • A company owned iPhone is received. It is managed via the company’s MDM tools, a fact that was not known or disclosed at the time of custody transfer. One of the company’s MDM policies is to automatically perform a factory reset in the event the device is stolen, lost or not connected to the internet for 6 months. Although custody of the device is taken, the actual acquisition is not yet approved so the device is securely stored. Some time passes and then authorization is received to perform data extraction from the device for preservation. The device’s battery is dead so it is connected to a power source to charge. Upon initial charging, the device briefly connects to the cellular network, allowing sufficient connectivity for the MDM to trigger a remote wipe before the device can be placed into Airplane Mode.

While these situations can be rare, there is little doubt that modern mobile devices, frequently connected to the internet and protected by increasingly sophisticated encryption, pose a significantly higher risk of both inadvertent and intentional spoliation. Traditional asset tracking and chain of custody protocols are no longer adequate for all circumstances. To minimize the possible risks, the following best practice processes are highly recommended:

  • Enhanced Chain of Custody Documents
    Ensure documentation includes detailed descriptions (e.g. OS versions, MDM details) especially with regards to data privacy safeguards; specific precautions taken to prevent network connectivity or data alteration while the device is in custody; device handling steps such as enabling Airplane mode, disabling WiFi and Bluetooth, powering off the device, etc. If the passcode to unlock the device is entered incorrectly, record the details and the consequent device behavior.
  • Integration of Chain of Custody with asset tracking systems
    Chain of custody records should be directly linked to asset tracking systems that capture not only the current custodian of a device, but also a historical record of its physical location and movement throughout the period of custody where potential data connection trigger risks may have been possible.
  • Defined Preparation Procedures for Mobile Devices
    Establish and enforce standardized preparation processes for mobile devices especially, that reduce, and where possible eliminate, the risk of inadvertent internet connectivity prior to forensic preservation or examination.
  • Implement Faraday Protection Measures
    Employ Faraday bags, and when appropriate Faraday cages, to isolate devices from all incoming and outgoing electromagnetic signals, including cellular, WiFi, Bluetooth, GPS. Powering on dormant devices should only occur within such controlled environments to prevent unintended “phone home” activity, remote access or automatic data erasure.
  • Now more than ever, COC records should document not only the actions performed when taking custody of a device, but also those intentionally avoided, e.g. the device was not powered on, or the device was not unlocked.
  • Equally important is documenting on the COC the exact state in which the device was received: powered on, powered off, unlocked, in sleep mode, etc. This clearly establishes preservation intent and evidentiary integrity.

As devices become more connected, autonomous and security driven, traditional notions of Chain of Custody must evolve beyond simple possession. Effective evidentiary preservation and tracking now requires a holistic approach that accounts for device state, connectivity and data accessibility, remote access, and cloud dependencies. By modernizing chain of custody practices to reflect these realities, organizations can significantly reduce the risk of both inadvertent and intentional spoliation. This will better ensure the defensibility and integrity of digital evidence in an increasingly complex world.

Download our CoC Readiness Checklist

Backup Tape Format and Backup Software Diversity Creates Real Recovery Challenges

Written by Dean Felicetti, CIGO, Director of Data Risk and Remediation

Managing Risk in Legacy Backup Tape Recovery

Recovering data from legacy backup tapes is rarely a straightforward exercise. Backup tape media exists within an ecosystem that includes specific tape formats, drive generations, firmware, operating systems, and backup software implementations. As infrastructure changes over time, those dependencies often disappear, leaving organizations with backup tape media that is physically intact but operationally difficult to access.

Tape Format Diversity Creates Real Recovery Challenges

Most enterprise environments accumulate multiple tape formats over time. It is common to see backups and archives spanning multiple generations of LTO alongside DLT or SDLT, AIT or SAIT, DDS or DAT, and in some cases IBM 3592 or even open-reel formats (9-Track).

Each backup tape format introduces its own constraints. LTO media supports limited backward compatibility, typically only one or two generations, which means older LTO-4 or LTO-5 tapes cannot be read on modern LTO-8 or LTO-9 drives. DLT and SDLT require specific hardware and proper block size handling. AIT and SAIT depend on Sony drives that are no longer manufactured. DDS and DAT tapes are especially sensitive to age and alignment issues. IBM 3592 tapes frequently require environments aligned to AIX or mainframe workflows in order to interpret the data correctly.

  • When multiple formats are involved, the risk of partial restores, read failures, and extended timelines increases significantly.

Backup Software and Encryption Often Becomes the Primary Obstacle

While backup tape format compatibility is critical, backup software is often the deciding factor in whether data can be recovered. Backup applications control how data is written to tape, including compression, encryption, multiplexing, and indexing. Without the corresponding software context, tape data may be unreadable even if the media itself is accessible.

For example, Veritas NetBackup relies heavily on catalog data to perform restores. IBM Spectrum Protect, formerly TSM, stores data as managed objects that cannot be reconstructed without metadata. Commvault environments tie together media, indexes, and client configurations that are often version dependent. Arcserve and OpenText Data Protector frequently rely on agents and services that no longer run on supported operating systems. Older DDS and DAT tapes written with NTBackup are a common challenge, as the format is not natively supported by modern backup platforms.

In many matters, organizations still possess the tape media but no longer have the catalogs, licenses, or operating systems required to perform a traditional restore.

Reducing Dependency on Legacy Backup Environments

Rebuilding obsolete backup environments is often impractical. It can require unsupported operating systems, discontinued hardware, and legacy software licenses that are no longer available. As a result, modern recovery workflows focus on minimizing reliance on the original backup software whenever possible.

This is where backup-software-agnostic technologies like TRACS become impactful.

TRACS operates independently of the original backup application, allowing tape content to be analyzed and interpreted without requiring a functional NetBackup, Spectrum Protect (TSM), Arcserve, or Data Protector environment. This eliminates several common failure points, including:

  • Missing or unrecoverable backup catalogs
  • Obsolete operating systems required to run legacy software
  • Version mismatches between tape media and backup applications
  • Licensing or hardware constraints tied to discontinued platforms

The TRACS approach allows teams to work across mixed media sets such as LTO tapes written with Commvault, SDLT archives created with Arcserve, or DDS tapes produced by other backup software. By avoiding full system reconstruction, recovery efforts become more predictable and less vulnerable to version or catalog failures.

Using Tape Metadata to Guide Recovery Decisions

Understanding what exists on tape before attempting extraction is essential. Blind restores consume time, drive resources, and processing costs, often resulting in the review of data that is ultimately irrelevant.

The Invenire Backup Tape Metadata Portal provides early insight into tape contents by identifying attributes such as general backup information, backup dates, source systems, and session, service, file level metadata identifiers. This level of visibility allows teams to prioritize tapes within relevant timeframes and exclude those outside the scope of a matter.

S2|DATA Real-World Recovery Scenarios

In practice, legacy data from backup tapes recovery efforts frequently involve situations such as LTO-6 or LTO-7 tapes written with Commvault where index databases are missing, SDLT media created with Arcserve that requires discontinued hardware, DDS or DAT tapes produced by NTBackup with limited documentation, or IBM 3592 tapes that originated in mainframe environments.

Without broad support for both backup software and tape formats, these scenarios can lead to delays, incomplete data recovery, and increased cost.

Conclusion

Legacy backup tapes represent a convergence of aging media, deprecated, end of life software, and evolving data obligations. Successful recovery requires more than access to tape drives. It requires a clear understanding of how backup software and tape formats interact, along with workflows that reduce dependency on obsolete systems and improve reliability. With the right technical approach, historical tape data can remain accessible and defensible regardless of when or how it was created.

From the Trenches: Real-World Lessons in Digital Forensics

Based on a Webinar hosted by eDiscovery Today featuring S2|DATA experts Karuna Naik, Greg Freemyer, and Michael Crawford

In an age when nearly every moment leaves a digital footprint, from text messages and GPS data to smartwatch health logs, digital forensics has become a cornerstone of modern investigations. In S2|DATA’s recent webinar, “Fireside Chat: Forensic Tales from the Trenches,” panelists shared real-world stories where digital evidence shaped legal outcomes and uncovered the truth.

The Power of Everyday Digital Evidence

The session opened with a simple but revealing story: a minor parking lot collision caught not by a witness, but by technology. When a “collision detected” alert appeared on his Mercedes dashboard, host Doug Austin discovered the evidence trail didn’t stop there, an iPhone photo from a good Samaritan captured the moment of impact, complete with metadata that matched the exact timestamp of the alert.

As panelist Greg Freemyer pointed out, this is the new normal:

“Fifteen years ago, getting a photograph like that would’ve been impossible. Now, it’s routine. The quality of digital evidence we carry in our pockets is incredible.” From smartphones to smart cars, nearly everything today records something, and forensic professionals must be ready to collect, authenticate, and interpret that data correctly.

Standardizing Evidence Collection with S2|DATA’s Questionnaire

When asked how her team ensures digital evidence is preserved properly, Karuna Naik, S2|DATA’s Director of Forensics and Disputes, highlighted the importance of identifying all potential data sources from the very start.

“The first thing really is to identify the correct data sources. We use a document that lists categories, cloud data, cell phones, laptops, storage devices. The custodian and client go through it together so we know exactly where data might reside.”

That document, the S2|DATA Data Source Questionnaire, provides a systematic way to document every possible data source, from desktops and mobile devices to social media, email, and cloud storage. By combining this form with strict chain-of-custody and logging procedures, S2|DATA ensures every piece of evidence is traceable and defensible in court.

When Data Makes or Breaks a Case Deleted Messages and iCloud Rescues

Greg recounted a case involving engineers who deleted thousands of text messages the night before a deposition, an act of spoliation that could have destroyed their credibility. Fortunately, his team acted quickly, recovering nearly all of the deleted data from Apple’s Messages in iCloud before synchronization occurred. “Because we were fast, and because we knew about this additional repository, we saved our client. We recovered about 95% of the messages.”

The Dangers of Water and Data Loss

Karuna shared her own “fishing trip gone wrong,” where her daughter’s phone sank off a dock. Thanks to iCloud backups, every photo and message was restored, a lesson she applied professionally when helping a client recover critical WhatsApp and SMS data after a phone was lost at sea. “Thankfully, the client had iCloud messages enabled, so we could restore a backup to a test device and recover everything needed for the case.”

Health Data That Exonerated a Driver

In another case, a truck driver accused of distracted driving was cleared using data from his iPhone’s Health app. The app automatically recorded walking movements immediately after the accident, proving he was not on his phone at the time. “Health data isn’t just about fitness, it can prove or disprove what someone was doing in a critical moment,” Karuna explained.

Location Data That Cleared a Hotel

In a criminal case, S2|DATA used GPS coordinates embedded in thousands of text messages and photos to prove that a minor involved in a trafficking investigation had never been at the accused hotel. By mapping the data points, the forensic team conclusively showed that all activity occurred miles away, evidence that helped exonerate the hotel owners.

IP Theft and the USB Trail

Departing employees copying trade secrets is one of the most common scenarios S2|DATA encounters. Greg described how USB connection logs often tell the story: “We can see when a USB device connects, which files were accessed, and even when the user verified the files were copied. It’s still the smoking gun 80% of the time.”

The 85-Camera Mall Incident

Michael closed with a remarkable case involving 85 security cameras in a shopping mall. His team analyzed 48 hours of footage to reconstruct a suspect’s movements minute-by-minute across dozens of camera angles, an exhausting but decisive effort. “One image doesn’t tell the story, but when you align hundreds of them, the truth becomes clear.”

Lessons for Legal Teams and Investigators

Throughout the webinar, one message echoed: timing and thoroughness are everything.

Data sources disappear quickly, overwritten, synced, or deleted, so identifying them early using tools like the S2|DATA Data Source Questionnaire can mean the difference between success and failure.

Key takeaways:

  •  Act immediately, the longer you wait, the more evidence degrades.
  •  Document everything, chain of custody and collection details must be meticulous.
  •  Look everywhere, phones, watches, laptops, cloud drives, and even car systems hold clues.
  •  Use the right tools, forensic platforms like Cellebrite and Oxygen extend what simple backups can’t.
  •  Standardize your process, the S2|DATA Data Source Questionnaire ensures no data source is overlooked.

Closing Thoughts

Digital forensics is no longer a niche technical field, it’s a vital part of modern litigation, compliance, and investigations.

As Karuna put it best:

“We track everything, the tools, the versions, the drives, the timing. Integrity across the process is everything.”

From a scraped fender to a multimillion-dollar IP theft, the Fireside Chat reminded everyone that the truth lives in the data, if you know where to look.

Overcoming Dormant Case Data Challenges from ARM Archives: The Strategic Value of Tape Storage in eDiscovery

An opinion piece by Tameca Brooks, Director of eDiscovery

A law firm managed a litigation case that remained active for five years before being stayed. At the time of the stay, the firm requested an ARM archive (Archive – Restore – Move) from its eDiscovery vendor. The vendor exported the archive, stored it on an encrypted HDD, and shipped it to the firm.

The HDD remained in the firm’s possession for several years while the case was dormant. However, as often happens, the litigation was unexpectedly reactivated, requiring the firm to locate the HDD and restore the ARM archive to an active Relativity workspace. This process, however, was fraught with challenges:

  1. Missing password for the encrypted HDD.
  2. Vendor no longer existed, having been acquired during the dormant years.
  3. Vendor’s project management team had departed, leaving no clear point of contact.
  4. Changes in the legal case team, leading to gaps in institutional knowledge.
  5. HDD failure, further complicating data restoration.

These obstacles underscored the complexities of long-term eDiscovery data management and the risks of inactive litigation ARM archives.

The Costly Path of Restoring ARM Archives

Restoring the case data proved to be both complex and expensive. The law firm engaged a vendor to jailbreak the encrypted HDD in an attempt to regain access to the ARM archive environment for restoration and hosting by S2|DATA (“S2”). However, the read failure and missing password severely hindered what could have been a seamless reactivation.

As a result, the firm had to locate historical correspondence and client data to help S2 reconstruct the workspace. The burden extended beyond the law firm – it impacted the end client as well, turning what should have been a simple restoration into a resource-intensive and time-consuming process.

Under normal circumstances, restoring an ARM archive would have required only minimal costs – a few hours of project management and technical time to restore, validate, and release the data. However, due to these unexpected challenges, the firm incurred:

  • Additional processing costs to re-ingest client data.
  • Significant project management hours spent searching for correspondence to rebuild the workspace.
  • Loss of attorney work product stored within the ARM archive, forcing the case team to spend additional time reacclimating to the litigation.

A Simple Solution for ARM Archives: Tape Storage

One often-overlooked strategy that could have prevented these challenges? Storing eDiscovery data on tape.

Unlike HDDs, which are prone to hardware failure, data corruption, and software incompatibilities, tape storage offers a reliable, cost-effective, and compliant long-term data management solution.

Why Tape Storage is the Ideal Solution

  • Long-term data integrity – tape storage preserves data for extended periods without risk of degradation.
  • Cost-effective – tape reduces storage costs compared to HDDs, which require ongoing maintenance.
  • Regulatory compliance – tape meets legal retention requirements, ensuring firms remain compliant.
  • Cybersecurity protection – with air-gapped storage and secure encryption, tape protects against ransomware attacks and hacking.
  • Physical protection – unlike HDDs, tape is resistant to physical damage and system failures, ensuring data remains retrievable.

Lessons Learned & Moving Forward

This case illustrates the risks of relying on HDDs for long-term inactive storage. HDDs are simply not designed for extended dormancy, making them an unreliable option for preserving critical legal data.

By transitioning dormant case data to tape, law firms can reduce costs, enhance security, and ensure long-term accessibility. To proactively prevent future data challenges, legal teams should collaborate with IT teams to implement a hybrid storage strategy, using HDDs for active cases and tape for archived cases.

The Key Takeaway

Storing Relativity ARM archives on tape provides a cost-effective, secure, and long-term storage solution that meets compliance needs while protecting against data loss and minimizing the risk of unauthorized access.

Here comes the SUN – Legacy Data Remediation

 

Legacy Data

How Legacy Data Remediation Drives Technical Innovations for Future Projects

Written by Brendan Sullivan, CEO

Legacy data remediation has become the ultimate test of technical ingenuity. Almost every large remediation we have undertaken is substantially different and unique. There are over 100 major backup formats, over 100 tape formats, and goodness knows how many file formats. More recently large, networked disk-based systems (NAS Filer – NDMP) became the point for initial backup before being dumped to deep tape. There are container files, compressed container files, multiple database formats many saved as agent-based backups. Suffice to say that when a client requires data to be separated – “keep this, not that” It can be complex. Further challenges are always posed by the timeline for completion; Systems built are built for backup, backups are added to at a steady state, that’s as fast as the systems need to operate. However, when conducting data remediation we are often talking about multiple Petabytes, and the native systems are encumbered with inadequate bandwidth, software license limitations, hardware support and historical IT resource no longer around.

But here’s where it gets exciting – here comes the SUN. Through our innovative approaches, we don’t just tackle complexity; we deliver what matters most: your Sensitive, Useful & Necessary (SUN) data. After removing all the ROT (Redundant, Obsolete, and Trivial information), what remains is pure SUN – the data that truly is essential.

We are constantly developing ways to do this for our customer, and every time we come across a new challenge and solve the problem, we add the code developed to our existing master code – TRACS. What this means is incredible capability and flexibility has been perfected and there has never been a better time to tackle the legacy data remediation project you have been putting off. Below is a summary of four technical solutions we created for specific projects that are usable for all future projects, and we are quite proud on the innovations.

Remediate by backup session 

Backup sessions are very often multi-threaded across tapes from the servers that are feeding the media server (backup server). Sessions are separated by file marks. So on a set of backup tapes you might see segments of Exchange email, other database servers, file shares, print servers etc. The client wanted to remove all email/messages as well as many database files, but wanted to keep certain database files, including some proprietary types. Traditionally you would have to restore everything, land to massive amounts of disk, filter and then destroy the originals. We came up with a system where we created a container image of targeted backup sessions. We call it a TSF (Tape Session File). It is compressed and there will be multiple of them for a backup set. The really elegant piece is we were able to code a solution where when performing a copy (duplicate), we could land only the targeted sessions and then compile them to a folder and ignore everything else. The result was high speed data remediation by backup session; all performed with about 100TB of disk from over 50 PB of source data 

File level data remediation with no labor cost 

We like automation but it is not always possible. We have about 50 tape libraries in our Atlanta-based vault. Legacy data remediations can be an involved process, requiring lots of staging disk traditionally. However, as our tech develops at the file extension level, we have a very effective automated solution for remediation. We consult with the client on what is to be kept, typically to a file and date period. We enter the complete criteria in a text filed in our software, TRACS. We load the library (a large single tower IBM library can hold circa 700 tapes and 8/12 tape drives). We run the library with TRACS, and it will run through every file and every tape producing a very comprehensive report of inclusions and exclusions. It lands just the inclusions to disk. Then we load the next batch of 700 tapes. We will typically get through 700 tapes per week without requiring manual intervention. The result is high volume and low-cost remediation at the file level. It is ideal for file share and Lotus Notes NSF database email. Container files like Microsoft Exchange / EDB is currently in development. 

Mailbox User Identification 

When a client wishes to identify particular mailbox accounts from a large volume of backup tapes over many years they could take many forms. If MS Exchange they could be PSTs in an EDB, loose PSTs separately backed up, or OSTs from Granular Exchange backups (formerly known as “Brick Level Backups”). There could also be very many instances depending upon the frequency and type of backup, Full, Differential, Incremental, Synthetic Full, Daily/Weekly/Monthly/Yearly. The accounts could be in an Exchange Information Store, or embedded further in VMs or NDMP NAS filer dumps not easily seen without a full restore. In many cases the proximity of these mailbox accounts is not easily known, and a fishing expedition ensues, often starting with a series of tape session scans followed by tape catalog scans. S2|DATA has created a singular use locator for mailbox accounts whether they are loose, in EDBs in NDMP dumps, or even backed up VMs. For large tape volumes the application can run large libraries and identify where the target mailbox accounts are, thereby significantly decreasing the number of tapes that may otherwise have to be fully restored, and account extracted. 

Don’t Remediate the Legacy Data 

There are two main reasons to undertake a legacy data remediation project; Costs and Legal Preservation/Discovery. If it is only the cost element that troubles the client, we can emulate the entire environment and either virtualize it or replace the existing native software licenses with our Metadata Review platform “Invenire”. We can populate Invenire with session and file level metadata from the backup environment, run a “proof-of-concept” test, and then the client can retire software/hardware/IT resources and simply log into Invenire when a file(s) needs to be found and extracted. The tapes or disk storage reside in the vault of S2|DATA. The result is an order of magnitude reduction in cost for the client and a faster time to data should it ever be required. 

S2|DATA’s continued innovation continues to transform legacy data remediation from a time-consuming, resource-intensive process into a streamlined, cost-effective solution. Each new challenge solved adds to our TRACS platform’s capabilities, like processing petabytes with a small staging disk, automating the processing of thousands of tapes without manual intervention, and pinpointing specific data without time-consuming full restores. As our technology evolves and our codebase expands, we’re consistently finding faster, smarter ways to unlock your trapped data. Contact us today to see how our latest innovations can dramatically reduce both the time and cost of your legacy data remediation project. 

Can the GSA save $1M in tape?

Read more

Rethinking ROT: Why ‘Redundant’ Data is No Longer the Real Problem

Read more

Libertas: Breaking Free from Backup Software Lock-in

After 30+ years in the backup industry, I’ve seen countless organizations struggling with a frustrating scenario: they need to keep their backup software running just to read their old backups. It’s like needing to keep an old word processor around just to read documents you created years ago. This has always struck me as fundamentally wrong – your data is your data, after all.

That’s why I’m incredibly excited about S2|DATA’s release of Libertas, the industry’s first free independent backup reader. (Libertas means “freedom” in Latin.) As someone who has spent decades helping organizations solve backup challenges, I see this as a watershed moment.

Freedom

Think about it: How many companies are paying maintenance fees for NetBackupTM just to maintain access to old backups? It’s a tax on your own data, and it’s time for that to end.

Starting with NetBackupTM disk images (with a roadmap of expansion to other products later), Libertas demonstrates something I’ve known for a while: backup formats aren’t magic. They’re just structured ways of storing data, and with the right technology you can read them without the original software.  This is true of even the most proprietary formats (e.g. TSM).  S2|DATA has been reading most backup formats for years with TRACS, and now they’re taking the lessons learned there and offering something for free.

The implications are huge:

  • Companies can finally retire legacy backup infrastructure
  • Data becomes truly portable
  • Vendor lock-in loses its grip
  • Access to historical data becomes democratized

I’ve seen organizations spending hundreds of thousands annually just to maintain access to old backups. Libertas and S2|DATA can  change that equation dramatically. While the first release focuses on NetBackupTM disk images, this is just the beginning. If Libertas does what I think it will do, you’ll see other formats in the future.  (S2|DATA already knows how to read most common backup formats; it’s just a matter of deciding what to give away.)

This isn’t just about saving money (though that’s certainly nice). It’s about fundamentally changing the relationship between organizations and their data. Your historical data shouldn’t be held hostage by the software used to back it up.

As someone who’s fought against vendor lock-in throughout my career, I see Libertas as more than just a tool – it’s a statement that your data belongs to you, not your backup vendor.

The backup industry needs this kind of disruption. We’ve accepted the status quo of software lock-in for too long. It’s time to break free.

Want to be part of this revolution? Head over to https://s2data.com/libertas-download to download Libertas. Let’s make backup software lock-in a thing of the past.

All trademarks are the property of their respective owners.

The Real Cost of “Just Keep Everything”

In today’s data-driven world, many organizations have adopted what seems like a safe approach to data retention: “Keep everything, just in case.” While this strategy might feel prudent, it’s creating unprecedented challenges and costs that far exceed simple storage expenses. Let’s examine the true impact of this approach and explore how modern solutions can help organizations regain control of their legacy data.

Add costs

The Hidden Costs of Keeping Everything

The most obvious cost of a “keep everything” strategy is storage, but this represents just the tip of the iceberg. Consider these often-overlooked expenses:

1. Legacy Software Licensing
Many organizations maintain expensive backup software licenses solely to be able to access to historical data. These annual licensing fees can run into hundreds of thousands of dollars – not for active backup operations, but merely for the ability to read old backups if needed.

2. Hardware Maintenance
Legacy backup systems often require specific hardware configurations. Maintaining and replacing aging hardware components adds significant costs and complexity to your IT infrastructure.

3. Specialized Staff
Someone needs to understand these legacy systems. Whether it’s full-time employees or consultants, maintaining expertise in obsolete systems is expensive and becoming increasingly difficult as skilled professionals retire.

4. Legal and Compliance Risk
Keeping unnecessary data isn’t just expensive – it’s risky. During litigation or regulatory investigations, organizations must search through, review, and potentially produce relevant data. The more unnecessary data you retain, the more expensive and time-consuming this process becomes.

5. Opportunity Cost
When your IT team spends time maintaining legacy systems and searching through obsolete data, they’re not focusing on initiatives that drive business value. This opportunity cost, while hard to quantify, represents a significant drain on organizational resources.

The Search Problem

Perhaps the most frustrating aspect of “keep everything” strategies is that they often fail at their primary objective: having data available when needed. We regularly encounter organizations that have maintained expensive backup infrastructure for years, only to discover they can’t efficiently locate specific information when required.

A recent client maintained over 100,000 backup tapes and spent nearly $1 million annually on legacy system maintenance. Yet when faced with a time-sensitive legal request, they still needed weeks to locate and restore relevant data. The irony? After analysis, we discovered that less than 20% of their stored data had any business or legal value.

A Better Approach

The solution isn’t to simply delete everything – it’s to transform how you manage and access legacy data. This is where S2|DATA’s innovative approach comes in.

Step 1: Understand What You Have

Using our proprietary TRACS platform, we can scan your backup tapes and other legacy storage media, creating a searchable catalog of your data assets. This metadata repository, which we call Invenire, allows you to:
– Quickly identify what data you have
– Determine where specific information is located
– Understand data ages and types
– Make informed decisions about what to keep – and what to delete

Step 2: Enable Efficient Access

Through our TRACS (Tape Restoration and Cataloging System) technology, we eliminate the need for legacy backup software while maintaining complete access to your data. This means:
– No more expensive legacy software licenses
– No specialized hardware requirements
– Rapid access to specific files when needed
– Significant reduction in maintenance costs

Step 3: Optimize Your Storage

With clear visibility into your data assets, you can make informed decisions about:
– What to retain and what to defensibly delete
– How to consolidate storage media
– Which systems can be retired
– How to reduce ongoing maintenance costs

Real Results

One global financial institution recently used this approach to:
– Reduce their tape storage footprint by 95%
– Eliminate $800,000 in annual software licensing fees
– Improve data access time from weeks to hours
– Significantly reduce their compliance risk profile

Making the Transition

Moving from a “keep everything” strategy to an intelligent data management approach doesn’t happen overnight, but it doesn’t have to be disruptive either. The key is starting with a clear understanding of your data assets and implementing tools that make that data accessible and manageable.

Ready to transform how your organization manages legacy data? Contact S2|DATA to learn how we can help you reduce costs, minimize risk, and improve data accessibility without maintaining expensive legacy systems.

The status quo isn’t just expensive – it’s unsustainable. Isn’t it time to stop paying premium rates for a digital safety blanket and start managing your legacy data intelligently?

Cloud Storage: The Hidden Costs That Might Surprise You

As someone who’s spent decades in the data protection and storage industry, I’ve seen technology trends come and go. W. Curtis Preston But few have been as hyped as cloud storage. Don’t get me wrong – cloud storage has its place. But the idea that it’s always cheaper than on-premises solutions? That’s a myth we need to bust.

Let’s break down why the cloud isn’t always the cost-saver you might think it is:

  1. Deep Archive Request Fees.  Glacier Deep Archive is cheap, as long as you don’t touch it.  If you do, pulling data out of that archive costs extra.
  2. Egress Fees: This is the big one. While putting data into the cloud is often free or cheap, taking it out can cost a pretty penny. If you need to retrieve large amounts of data regularly, these fees can add up fast.
  3. Data Transfer Costs: Moving data between cloud regions or to your on-premises systems isn’t free. These costs can sneak up on you.
  4. Compliance and Security: Depending on your industry, you might need additional security measures or compliance features in the cloud. These often come at a premium.
  5. Performance Costs: Need faster performance? Be prepared to pay more. High-performance cloud storage options can be significantly more expensive.

Tape is less expensive & less risky

Now, let’s talk about an alternative that might surprise you: backup tape. Yes, that old-school technology you might have written off years ago.

Backup tape, when stored in a secure vault, can be significantly less expensive – and less risky – than both cloud and on-premises disk storage. Here’s why:

  1. Low Cost per TB: Modern tape cartridges can store massive amounts of data at a very low cost per terabyte.
  2. No Ongoing Fees: Once you’ve written data to tape, there are no monthly storage fees. Just the cost of secure storage, which is minimal.
  3. Long Lifespan: Properly stored tapes can last for decades. No need for constant hardware refreshes.
  4. Energy Efficiency: Tapes in a vault use no electricity, making them incredibly eco-friendly and cost-effective.
  5. Air-Gapped Security: Offline tapes provide an actual air-gapped backup that’s immune to ransomware and other online threats.

But there’s a catch, isn’t there? There always is. The challenge with tape has always been accessibility. When you need to retrieve data from an old backup tape, can you actually read it?

S2|DATA’s solution

This is where modern solutions come into play. Imagine if you could combine the cost-effectiveness and security of tape with the accessibility of more modern systems.

That’s where companies like S2|DATA shine. Their innovative approach to tape management transforms those dusty old tapes into a accessible, searchable archive.

Using their TRACS (Tape Restoration and Cataloging System) software, S2|DATA can read and catalog data from virtually any tape format. No need to maintain old backup software or hardware. And their Invenire system provides a user-friendly interface to search and retrieve data from your tape archive.

This means you get the best of both worlds: the low cost and security of tape storage, with the accessibility you’d expect from more modern solutions. You can keep years of data on cheap, secure tape storage, and still be able to quickly find and retrieve exactly what you need when you need it.

So, before you move everything to the cloud, take a hard look at your actual usage patterns and needs. You might find that a hybrid approach, leveraging the strengths of different storage technologies, gives you the best balance of cost, security, and accessibility.

Remember, in data storage, there’s no one-size-fits-all solution. The key is to understand your options and choose the right tool for each job. Sometimes, that might mean looking to the future by revisiting the past.