Let's imagine you were working somewhere, and saw and heard something shady. Maybe related to that, you get a bunch of people messaging you on slack about it. Well you know you can't pull logs out of slack since you're not an admin, so how do you definitely prove someone said something???
Here's the method that's working for me.
- Screenshot
- Export screenshot as PDF
- Lock both files
- Keep a spreadsheet that's an inventory
This sounds strange, but it works well in a court. Let's go over each item:
Screenshot
I use a Mac at work, and for this, I just use the Preview app that comes from Apple. I like it, cause you and add a signature to your screenshot right after you take it. The exact how to can be found right here in this article from Apple. You need to also add a simple text block on the screen with today's date. I use YYYY-MM-DD. Lastly, when taking a screenshot on a Mac, make sure it includes the date time at the top of the window of your computer too.
CMD+SHIFT+4 on a Mac will start up a screenshot, where you can select the entire area. Get the whole window.
Bad Example:
Excellent example:
Note, that I'm in full window mode. Once the select tool for the screenshot comes up, the rest of the background becomes immutable. Make sure to mouse to the top of the screen to bring up that bar showing date/time
At this point, your file is looking really good, but we can take it further. In Preview, before you've even closed it, after saving your email and date, you can export the file as a PDF. Just hit File at the top left, it's in the drop down. This creates a new file, that already has your signature and date in it, and tacks on a ton more metadata.
Lock your files
Next up on a Mac, you'll need to lock these files. Right click > Get Info > (I like to copy the name of the screenshot in that little text entry field) > hit the check box to lock the file. Do this with both the screenshot and PDF.
Keep an inventory
Next, take that file name, and go get a spreadsheet together. I use LibreOffice for this, since I know it isn't monitoring my activity.
Whip up columns that make sense to you, but get the name of the file, and why you decided that this information should be captured. I keep a 'topic' column too, related to why I think this screenshot is an issue. Perhaps it's someone saying that a database isn't encrypted, I put "RDS" in that topic column.
Keeping a copy
Here's a spot that can get a bit touchy for you. How to send this information to yourself for safe keeping. GET YOUR OWN LAWYER, but my general understanding is that if this info is being collected in good faith, you're ok. But company's often have things installed on your machine monitoring your activity.
I've been able to get away with using Airdrop to share this folder of stuff I have, directly to my iPhone. No one noticed so far. You could try some other things like using a private browser to transfer things to your own google drive or something, but I think doing something in browser is probably monitored more effectively.
There's a lot of ways to accomplish this, and I'm not the correct expert on what options would keep you hidden. If you're at this point in the process, get on the internet and do some reading.
What if I want really be crazy about storing this info?
I went to Microcenter, bought a dozen 32gb thumb drives, and a new yubikey.
I encrypted the folder with a wicked long password,