
Understand the Chain of Custody and Its Importance

The chain of custody is a legal document that demonstrates the progression of evidence as it travels from the original evidence location to the forensic laboratory. It is a roadmap that shows how investigators collected, analyzed, and preserved the evidence, and investigators need to present this document in court. It ensures accurate auditing of the original data evidence, imaging of the source media, tracking of the logs, and so on. The chain of custody also records the technology used and the methodology adopted in each forensic phase, as well as the persons involved.

The chain of custody governs the collection, handling, storage, testing, and disposition of evidence. It helps protect the evidence against tampering or substitution. Chain of custody documentation should list all the people involved in the collection and preservation of evidence and their actions, with a time stamp for each activity.

The chain of custody form should identify:

  • Sample collector
  • Sample description, type, and number
  • Sampling date and location
  • Any custodians of the sample

Submission of digital evidence in court requires a multi-dimensional approach, and from this point of view the chain of custody is critically important. The forensic investigator needs to document each step taken during evidence collection. It is important that the investigators clarify the source, date of recovery, method of recovery, and nature of the digital evidence.
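The document above asks that each handoff be recorded with the custodian, the action, the time, and the method, and that the original data be auditable. The following is an added example (not code from the original article or from any forensic product) of a minimal chain-of-custody record in Python: the evidence image is hashed at acquisition, every later entry re-hashes the image as it arrives, and any entry whose hash no longer matches the acquisition hash marks the point where the chain breaks. The exhibit identifier, names, locations, timestamps and the byte string standing in for a disk image are all constructed for the example.

```python
import hashlib
import json
from dataclasses import asdict, dataclass, field


def sha256_hex(data: bytes) -> str:
    """Fingerprint of the evidence image, taken at every handoff."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    timestamp: str       # ISO 8601 UTC; supplied by the caller so records are reproducible
    custodian: str       # who held the evidence at this step
    action: str          # collected / imaged / stored / transferred / analysed
    location: str
    method: str          # tool or technique used for this step
    observed_hash: str   # hash of the image as it arrived at this step


@dataclass
class ChainOfCustody:
    exhibit_id: str
    description: str
    source: str                               # where the evidence was originally found
    reference_hash: str                       # hash recorded when the image was first acquired
    entries: list = field(default_factory=list)

    def record(self, timestamp: str, custodian: str, action: str,
               location: str, method: str, evidence: bytes) -> bool:
        """Log one handoff; returns False if the evidence no longer matches the acquisition hash."""
        observed = sha256_hex(evidence)
        self.entries.append(
            CustodyEntry(timestamp, custodian, action, location, method, observed))
        return observed == self.reference_hash

    def breaks(self) -> list:
        """Entries whose hash differs from the reference: the chain is broken from there on."""
        return [e for e in self.entries if e.observed_hash != self.reference_hash]

    def to_json(self) -> str:
        """Serialised form suitable for printing and attaching to the exhibit."""
        return json.dumps(asdict(self), indent=2)


def acquire(exhibit_id: str, description: str, source: str, timestamp: str,
            custodian: str, location: str, method: str, image: bytes) -> ChainOfCustody:
    """Open a chain: the first entry fixes the reference hash of the acquired image."""
    chain = ChainOfCustody(exhibit_id, description, source, sha256_hex(image))
    chain.record(timestamp, custodian, "collected/imaged", location, method, image)
    return chain


def demo() -> ChainOfCustody:
    """Constructed scenario: three clean handoffs, then one where the image was altered."""
    image = b"FAT32 boot sector\x00\x00user data: invoice.pdf"  # constructed stand-in for a disk image
    chain = acquire("JDS/050324/0001/A", "Laptop HDD, 500 GB", "Desk 12, 3rd floor",
                    "2024-03-05T09:12:00Z", "J. Doe (seizing officer)", "scene",
                    "hardware write blocker + dd", image)
    chain.record("2024-03-05T14:30:00Z", "Evidence clerk", "stored",
                 "evidence locker 7", "sealed bag", image)
    chain.record("2024-03-06T08:05:00Z", "A. Analyst", "analysed",
                 "forensic lab", "read-only mount", image)
    tampered = image.replace(b"invoice", b"receipt")  # constructed: the image was edited in transit
    chain.record("2024-03-07T10:00:00Z", "B. Analyst", "analysed",
                 "forensic lab", "read-only mount", tampered)
    return chain


if __name__ == "__main__":
    c = demo()
    print(c.to_json())
    for e in c.breaks():
        print("chain broken at:", e.timestamp, e.custodian)
```

The point of the design is that the hash is not copied forward from the previous entry but recomputed from the bytes each custodian actually received, so a substitution anywhere in the chain shows up at the first handoff after it.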


Packaging and Transporting Electronic Evidence

Investigators need special equipment to examine seized devices and extract evidence from them, so the devices must be transported to the laboratory for investigation and later to the court. This section describes the processes that help in packaging and transporting digital evidence in a safe and secure manner.

Evidence Bag Contents List

Additional details required on the panel of the evidence bag include the names of the officers who took photographs or prepared a scene sketch, the sites where individual items were found, and the names of any suspects.

Exhibit Numbering

Exhibit numbering, or exhibit labeling, is the process of tagging evidence with a sequential number that includes case and evidence details, so that the investigator can easily identify each item of evidence and look up its details. Investigators should mark all evidence in a pre-agreed format, such as aaa/ddmmyy/nnnn/zz, where:

  • aaa are the initials of the forensic analyst or law enforcement officer seizing the equipment.
  • ddmmyy is the date of seizure (day, month, year).
  • nnnn is the sequential number of the exhibits seized by aaa, starting with 001 and going to nnnn.
  • zz is the sequence number for parts of the same exhibit (e.g., ‘A’ could be the CPU, ‘B’ the monitor, ‘C’ the keyboard, etc.).
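As an added example (not code from the original article), the aaa/ddmmyy/nnnn/zz scheme above can be implemented as a label builder, a strict parser, and a small register that issues the next exhibit number per seizing officer and one part letter per component. Two choices are assumptions of this example rather than the text: the exhibit number is zero-padded to four digits to match the width of the nnnn placeholder, and initials and part letters are normalised to upper case. The officer initials, dates and seized items in the demo are constructed.

```python
import re
from datetime import date, datetime

# Label format from the text: aaa/ddmmyy/nnnn/zz.
# Assumption: initials are 2-3 upper-case letters, nnnn is four digits, zz is 1-2 letters.
LABEL_RE = re.compile(
    r"^(?P<aaa>[A-Z]{2,3})/(?P<ddmmyy>\d{6})/(?P<nnnn>\d{4})/(?P<zz>[A-Z]{1,2})$"
)


def make_label(initials: str, seized_on: date, exhibit_no: int, part: str) -> str:
    """Build one exhibit label; refuses components that would not parse back."""
    if not 1 <= exhibit_no <= 9999:
        raise ValueError("exhibit number out of range for nnnn")
    label = f"{initials.upper()}/{seized_on:%d%m%y}/{exhibit_no:04d}/{part.upper()}"
    if not LABEL_RE.fullmatch(label):
        raise ValueError(f"invalid label components: {label}")
    return label


def parse_label(label: str) -> dict:
    """Split a label back into its fields; rejects malformed labels and impossible dates."""
    m = LABEL_RE.fullmatch(label)
    if not m:
        raise ValueError(f"label does not match aaa/ddmmyy/nnnn/zz: {label!r}")
    return {
        "officer": m["aaa"],
        # strptime raises ValueError for dates such as 320324, so bad labels do not slip through
        "seized_on": datetime.strptime(m["ddmmyy"], "%d%m%y").date(),
        "exhibit_no": int(m["nnnn"]),
        "part": m["zz"],
    }


class ExhibitRegister:
    """Issues the next sequential exhibit number per seizing officer, one letter per part."""

    def __init__(self) -> None:
        self._next_no: dict = {}

    def new_exhibit(self, initials: str, seized_on: date, parts: int) -> list:
        key = initials.upper()
        no = self._next_no.get(key, 1)
        self._next_no[key] = no + 1
        # parts are lettered A, B, C, ... as in the text's CPU / monitor / keyboard example
        return [make_label(key, seized_on, no, chr(ord("A") + i)) for i in range(parts)]


def demo() -> list:
    """Constructed scenario: officer JDS seizes a desktop (CPU, monitor, keyboard), then a phone."""
    reg = ExhibitRegister()
    labels = reg.new_exhibit("jds", date(2024, 3, 5), parts=3)
    labels += reg.new_exhibit("jds", date(2024, 3, 5), parts=1)
    return labels


if __name__ == "__main__":
    for lbl in demo():
        print(lbl, parse_label(lbl))
```

Because the parser is the inverse of the builder and validates the date, a label copied from an evidence bag into the custody log can be checked mechanically instead of by eye.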


Storing Electronic Evidence

Electronic devices contain digital information, such as the system date, time, and configuration, that may be potential evidence. Improper or prolonged storage can cause this potential evidence to be lost. Digital/electronic evidence is fragile in nature; therefore, first responders should follow the practices mentioned in the slide.

Computer Forensics Investigation Methodology

During the investigation of digital devices, all of the evidence may be present in the form of data. Therefore, investigators need expertise in acquiring data stored across various devices in different forms. This section describes how investigators can acquire such data.

Guidelines for Acquiring Evidence

Acquiring evidence is a critical step in the investigation; it can change the direction of the case, because a large amount of information that helps to solve the case may be recovered. The guidelines for acquiring evidence are:

  • Select the appropriate resources for finding the evidence.
  • Do not perform any operation on the incident system that could change or delete possible evidence.
  • Create a duplicate for the evidence and perform forensics on it.
  • If the devices carrying evidence are necessary to keep the business running, or if the investigators cannot transport the device, copy or image the evidence.
  • Use warning banners to record system activities when the system is used by an unauthorized user.
  • Seize any equipment that can act as evidence.
  • When seizing the evidence, do not power down the computer.
  • Make sure the examiner’s storage device is forensically clean while gathering and preserving the evidence.
  • Initiate write protection to secure and protect original evidence.
  • Through warning banners, organizations give clear and unequivocal notice to intruders that by signing onto the system they are expressly consenting to such monitoring.

Original Evidence Should Never Be Used for Analysis

Investigation and analysis processes can have both positive and negative impacts on the evidential data, and sometimes these processes alter the data in such a way that it is no longer admissible in a court of law. Therefore, investigators should make copies of the evidence and work on the copies, so that accidents or mishaps cannot damage the original data.

This section discusses the procedures that investigators should follow to avoid damaging evidence files.

Questions related to this topic

  1. How do you maintain chain of custody for digital forensic evidence?
  2. What are the four steps in collecting digital evidence?
  3. What considerations are involved with digital evidence?
  4. How can email be investigated and used as evidence?
  5. Explain the chain of custody and its importance.

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com
