cancel
Showing results for 
Search instead for 
Did you mean: 
jbaker
Level 9

Can I Store Evidence of Data Saved to Mobile Devices? (Phones)

Jump to solution

Hello!

Is there any way I can store evidence for users who save data to their mobile devices?

I was able to set up a device rule which lets me know when a mobile device is plugged in to and unplugged from the machine. However I don't seem to be able to get it to store evidence if the users saves files to their device.

I am successfully monitoring and storing evidence when users write data to an external drive like a flash drive. I originally assumed that mobile devices would be treated as storage devices and would fall under my default "Monitor and Store Evidence" Protection Rule but that does not seem to be the case.

I'm not seeing a way for me to add the PnP Definition to the Protection Rules so that I can store evidence for these devices. Only a Removable Storage Protection rule which doesn't let me select Device Classes.

Any help would be greatly appreciated. Hopefully I worded this correctly..

Thank you.

Edited: Formatting on 7/10/13 2:32:01 PM CDT
0 Kudos
1 Solution

Accepted Solutions
vimalnavis
Level 13

Re: Can I Store Evidence of Data Saved to Mobile Devices? (Phones)

Jump to solution

Depends on what the mobile device shows up as to the OS. If the mobile device shows up as regular removable storage media, then a Removable Storage Protection rule can be used to monitor file copy.

If not, you are limited to blocking the device itself using Device rules.

0 Kudos
5 Replies
vimalnavis
Level 13

Re: Can I Store Evidence of Data Saved to Mobile Devices? (Phones)

Jump to solution

Depends on what the mobile device shows up as to the OS. If the mobile device shows up as regular removable storage media, then a Removable Storage Protection rule can be used to monitor file copy.

If not, you are limited to blocking the device itself using Device rules.

0 Kudos
jbaker
Level 9

Re: Can I Store Evidence of Data Saved to Mobile Devices? (Phones)

Jump to solution

I had a feeling this was the case.

I'm assuming it's not going to show up as a regular removable storage media. If it were, my existing rules would have been giving me evidence.

Thank you for the fast reply Vimalnavis!

0 Kudos
SafeBoot
Level 21

Re: Can I Store Evidence of Data Saved to Mobile Devices? (Phones)

Jump to solution

Just a though, why not block iTunes etc? Unless there's a compelling reason for your people to be syncing data to their phones etc?

0 Kudos

Re: Can I Store Evidence of Data Saved to Mobile Devices? (Phones)

Jump to solution

DLP 9.3.1 allows for the creation of Protection Rules that can now monitor data being copied to MTP devices.  If you have tagged or classified data, you can even prevent writing to such devices now.  Be aware that Protection Rules are blanket rules can will cover ALL removable storage, including your approved USBs (exempted by VID/PID, serial number or being EERM-encrypted).

-Jaco

0 Kudos
vimalnavis
Level 13

Re: Can I Store Evidence of Data Saved to Mobile Devices? (Phones)

Jump to solution

Removable Storage Protection rules have always had blanket coverage. The MTP support for RSP vs. RSD is what introduces the caveat/challenge.

0 Kudos