Yes, current system is a copy of production and its available for few days only. We have to do our analysis and then we will start with the upgrade in dev.
with the changes in SU25 date/time stamps are used to identified if a transaction was updated. i can't remember all the tables of top of head but SU25 is typically ran in Development and resulting PFCG and SU24 changes are transported to production
If you are using a copy of production to test you aren't really testing your approach and your data may vary. Maybe one of the security experts can join in here.
I would have thought you'd take a copy of you DEV environment as a sandpit as this is development work you are testing?
Regards
Colleen