Backup & Recovery

Understand what needs to be backed up to protect your investigation data and enable disaster recovery.

Backup Responsibilities

DFIRe is designed to integrate with your existing infrastructure. You are responsible for backing up the external services you provide:

| Component | Your Responsibility |
|---|---|
| PostgreSQL Database | Back up using your database provider's tools and documentation. Managed services (AWS RDS, Aiven, etc.) typically offer automated backups. |
| File Storage | Back up according to your storage solution: S3 versioning/replication, NAS snapshots, or file server backups. |

Consult your database and storage providers' documentation for backup procedures, retention policies, and disaster recovery options.

DFIRe Configuration

In addition to your database and storage, back up the following DFIRe-specific items:

Environment File

The .env file contains your deployment configuration including database connection strings, storage settings, and secret keys. Keep a secure copy of this file.

Application Configuration Export

DFIRe can export your application configuration as a JSON file. This includes case types, evidence types, workflow steps, webhooks, permission groups, and other customizations—but does not include secret keys or credentials.

To export your configuration:

  1. Go to Settings > Tenant > Identity
  2. Click Export JSON in the Data Portability section
  3. Save the exported file securely

This export can be imported into a fresh DFIRe installation to restore your configuration.

Secret Key Backup

Store your secret keys in a secure location separate from your data backups:

  • Password manager — Use your organization's password manager (1Password, Bitwarden, etc.)
  • Secrets manager — Use a dedicated secrets management solution (HashiCorp Vault, AWS Secrets Manager, etc.)
  • Secure offline storage — Print and store in a secure physical location as a last resort backup

Keys to Back Up

| Key | Purpose |
|---|---|
| CREDENTIAL_ENCRYPTION_KEY | Encrypts stored credentials (API keys, integration secrets, etc.). |
| SECRET_KEY | Django secret key for session management and CSRF protection. |

Never regenerate these keys on an existing installation. Changing the encryption key makes previously encrypted credentials unreadable.
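
A check that the backed-up copy of .env still holds the same two keys as the running deployment, given here as an added example and not part of DFIRe. The function names and sample values are hypothetical, and the parser assumes plain KEY=VALUE lines.

```python
import hashlib
import hmac

# Key names come from the "Keys to Back Up" table on this page.
REQUIRED_KEYS = ("CREDENTIAL_ENCRYPTION_KEY", "SECRET_KEY")


def parse_env(text):
    """Parse KEY=VALUE lines; skips blanks/comments, strips 'export ' and quotes."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):]
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        values[key.strip()] = value
    return values


def fingerprint(value):
    """Short SHA-256 prefix so a mismatch can be reported without printing the key."""
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def check_env_backup(live_text, backup_text):
    """Return a list of problems; an empty list means the backup copy is usable."""
    live, backup = parse_env(live_text), parse_env(backup_text)
    problems = []
    for name in REQUIRED_KEYS:
        if not backup.get(name):
            problems.append(f"{name}: missing or empty in backup copy")
        elif not live.get(name):
            problems.append(f"{name}: missing or empty in live .env")
        elif not hmac.compare_digest(live[name].encode(), backup[name].encode()):
            problems.append(
                f"{name}: backup {fingerprint(backup[name])} != live {fingerprint(live[name])}"
            )
    return problems


if __name__ == "__main__":
    # Constructed sample contents; real values come from your own .env files.
    LIVE = 'SECRET_KEY="constructed-a"\nCREDENTIAL_ENCRYPTION_KEY=constructed-b\n'
    STALE = "# old copy\nSECRET_KEY=constructed-a\nCREDENTIAL_ENCRYPTION_KEY=constructed-OLD\n"
    for problem in check_env_backup(LIVE, STALE):
        print("FAIL", problem)
```

Running a check like this on a schedule catches a backup copy that has drifted from the deployment while the live keys are still available to compare against.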

File Attachments and the Database

Critical: File attachment encryption keys are stored in the database, not in your environment file. Loss of the database means permanent loss of access to all file attachments and photos—even if the encrypted files themselves are intact in storage.

This tight coupling between the database and file storage means:

  • Database backups are essential — Without the database, encrypted files cannot be decrypted
  • Database and storage must be backed up together — A database backup without the corresponding files (or vice versa) is incomplete
  • Point-in-time consistency matters — Ensure your database and storage backups are coordinated

Recovery

To restore DFIRe after a disaster:

  1. Restore your database from backup using your provider's restore procedure
  2. Restore your file storage or ensure DFIRe can access the restored storage location
  3. Deploy DFIRe with your backed-up .env file (containing the original secret keys)
  4. Import configuration (if needed) using the exported JSON file via Settings > Tenant > Identity
  5. Verify that cases, evidence, and file attachments are accessible

The database is the most critical component for recovery. It contains all case data, user accounts, and the encryption keys needed to decrypt file attachments.