Chain of Custody refers to the logical sequence that records the custody, control, transfer, analysis and disposition of physical or electronic evidence in legal cases. Each step in the chain is essential: if it is broken, the evidence may be rendered inadmissible. Preserving the chain of custody is therefore about following a correct and consistent procedure, and thereby ensuring the quality of the evidence.
Let’s get started with each section in detail. If you are in the field of Cyber Security, at some point in your career you will be involved in Digital Forensics. One of the most essential concepts in Digital Forensics is the Chain of Custody.
Digital evidence is acquired from a myriad of sources: the vast number of IoT devices, audio evidence, video recordings, images, and other data stored on hard drives, flash drives, and other physical media.

Importance of maintaining Chain of Custody?

Importance to Examiner:
Importance to the Court: If not preserved, the evidence submitted in court might be challenged and ruled inadmissible.

Chain of Custody Process

In order to preserve digital evidence, the chain of custody should span from the first step of data collection through examination, analysis, and reporting to the time of presentation to the courts. This is very important to avoid any suggestion that the evidence has been compromised in any way. Let’s discuss each stage of the chain of custody in detail:
The Chain of Custody Form

In order to prove a chain of custody, you’ll need a form that lists out the details of how the evidence was handled every step of the way. The form should answer the following questions:
The CoC form must be kept up-to-date. This means every time the best evidence is handed off, the chain of custody form needs to be updated.

Procedure to establish the Chain of Custody

In order to assure the authenticity of the chain of custody, a series of steps must be followed. It is important to note that the more information the forensic expert obtains concerning the evidence, the more authentic the resulting chain of custody is. You should ensure that the following procedure is followed according to the chain of custody for electronic devices:
How can the Chain of Custody be assured?

A couple of considerations are involved when dealing with digital evidence and Chain of Custody. We shall discuss the most common, globally accepted and practiced best practices.
Digital evidence and the digital Chain of Custody are the backbone of any action taken by digital forensic specialists. In this article, we have examined the seriousness of digital evidence, what it entails, and how slight tampering with it can change the course of the forensic expert’s investigation.

References: https://en.wikipedia.org/wiki/Chain_of_custody

Chain of custody (CoC), in legal contexts, is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. Of particular importance in criminal cases, the concept is also applied in civil litigation and more broadly in drug testing of athletes and in supply chain management, e.g. to improve the traceability of food products, or to provide assurances that wood products originate from sustainably managed forests. It is often a tedious process that has been required for evidence to be shown legally in court. Now, however, with new portable technology that allows accurate laboratory quality results from the scene of the crime, the chain of custody is often much shorter, which means evidence can be processed for court much faster.
The term is also sometimes used in the fields of history, art history, and archives as a synonym for provenance (meaning the chronology of the ownership, custody or location of a historical object, document or group of documents), which may be an important factor in determining authenticity.
When evidence can be used in court to convict persons of crimes, it must be handled in a scrupulously careful manner to prevent tampering or contamination. The idea behind recording the chain of custody is to establish that the alleged evidence is in fact related to the alleged crime, rather than having, for example, been "planted" fraudulently to make someone appear guilty.
Establishing the chain of custody involves both a chronological and a logical procedure, which is especially important when the evidence consists of fungible goods. In practice, this most often applies to illegal drugs which have been seized by law enforcement personnel. In such cases, the defendant at times disclaims any knowledge of possession of the controlled substance in question. Accordingly, the chain of custody documentation and testimony is presented by the prosecution to establish that the substance in evidence was in fact in the possession of the defendant.
An identifiable person must always have the physical custody of a piece of evidence. In practice, this means that a police officer or detective will take charge of a piece of evidence, document its collection, and hand it over to an evidence clerk for storage in a secure place. These transactions, and every succeeding transaction between the collection of the evidence and its appearance in court, should be completely documented chronologically in order to withstand legal challenges to the authenticity of the evidence. Documentation should include the conditions under which the evidence is gathered, the identity of all evidence handlers, duration of evidence custody, security conditions while handling or storing the evidence, and the manner in which evidence is transferred to subsequent custodians each time a transfer occurs (along with the signatures of persons involved at each step).

Maintaining a chain of custody is essential for the forensic scientist who is working on a specific criminal case. The documentation of evidence is key for maintaining a chain of custody because everything that is done to the piece of evidence must be listed, and whoever came in contact with that piece of evidence is accountable for what happens to it. This prevents police officers and other law officials from contaminating the evidence or taking the piece of evidence.

Example

An example of chain of custody would be the recovery of a bloody knife at a murder scene:
The chain of custody requires that from the moment the evidence is collected, every transfer of evidence from person to person be documented and that it be provable that nobody else could have accessed that evidence. It is best to keep the number of transfers as low as possible. In the courtroom, if the defendant questions the chain of custody of the evidence it can be proven that the knife in the evidence room is the same knife found at the crime scene. However, if there are discrepancies and it cannot be proven who had the knife at a particular point in time, then the chain of custody is broken and the defendant can ask to have the resulting evidence declared inadmissible.

Chain of custody is also used in most chemical sampling situations to maintain the integrity of the sample by providing documentation of the control, transfer, and analysis of samples. Chain of custody is especially important in environmental work where sampling can identify the existence of contamination and can be used to identify the responsible party.

ISO standard 22095, Chain of custody – General terminology and models was published in 2020. The ISO describes this standard as "a simple solution" designed "to help boost manufacturer and consumer confidence, reducing supply chain costs by addressing issues like risk, loss of time and conditions of production".[1]
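The requirement described above, that every transfer be documented and that there be no point at which it is unclear who held the item, can be checked mechanically for a digital evidence item. The following Python is an added example, not part of the original article: the record fields, the custodian names, the stand-in image bytes and the choice to chain the records together with SHA-256 are all assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(entry: dict, prev_digest: str) -> str:
    # Chain each record to the one before it, so a later edit is detectable.
    body = json.dumps(entry, sort_keys=True).encode()
    return sha256_hex(prev_digest.encode() + body)

def append_transfer(log, released_by, received_by, when, reason, evidence_hash):
    entry = {"released_by": released_by, "received_by": received_by,
             "when": when, "reason": reason, "evidence_sha256": evidence_hash}
    prev = log[-1]["digest"] if log else ""
    log.append({"entry": entry, "digest": entry_digest(entry, prev)})

def verify_chain(log, evidence_hash_now):
    """Return a list of problems; an empty list means the chain holds."""
    problems, prev_digest, prev = [], "", None
    for i, rec in enumerate(log):
        e = rec["entry"]
        if rec["digest"] != entry_digest(e, prev_digest):
            problems.append(f"entry {i}: record changed after it was written")
        if prev and e["released_by"] != prev["received_by"]:
            problems.append(f"entry {i}: custody gap between "
                            f"{prev['received_by']} and {e['released_by']}")
        if prev and (datetime.fromisoformat(e["when"])
                     < datetime.fromisoformat(prev["when"])):
            problems.append(f"entry {i}: transfer dated before the previous one")
        if e["evidence_sha256"] != evidence_hash_now:
            problems.append(f"entry {i}: evidence hash differs from the item now")
        prev_digest, prev = rec["digest"], e
    return problems

# Constructed sample data: stand-in image bytes and made-up custodians.
IMAGE = b"constructed stand-in for a forensic disk image"
IMAGE_HASH = sha256_hex(IMAGE)

def sample_log():
    log = []
    append_transfer(log, "scene", "Officer A", "2024-01-05T10:00:00", "collection", IMAGE_HASH)
    append_transfer(log, "Officer A", "Clerk B", "2024-01-05T14:30:00", "storage", IMAGE_HASH)
    append_transfer(log, "Clerk B", "Examiner C", "2024-01-08T09:15:00", "analysis", IMAGE_HASH)
    return log

if __name__ == "__main__":
    print(verify_chain(sample_log(), IMAGE_HASH) or "chain intact")
```

A transfer released by someone who was not the recorded holder, a record edited after the fact, or an item whose hash no longer matches each produce a separate finding, which is the kind of discrepancy that would be raised against the evidence.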