IS4670 Cybercrime Forensics
Unit 4 Assignment 1
Identify Chain of Custody Roles and Requirements
Chain Of Custody
What is chain of custody? Chain of custody is the documentation that identifies the changes in the control, handling, possession, ownership, or custody of a piece of evidence. It’s very important to maintain a chain of custody for evidence especially computer evidence. You must be able to keep track of your evidence from the time you collect it until the time it is to be presented in court or at a corporate briefing. No matter where it takes you.
When collecting the evidence, you will need to tag it with an evidence tag. An evidence tag must document the date and time, your name, the case number, where you found the item, other facts relevant to the case, and other information depending on the policies and procedures of your investigation team. After you tag the evidence, you will then bag it and give it to an evidence custodian. Some experts call this process "bagging and tagging."
Just an FYI, an evidence custodian is an individual who is in charge of documenting, transporting, and storing all evidence. The evidence custodian must make sure that the evidence is safely transported to an evidence locker. The evidence locker may be located at the police station and have employees that watch over them. These people are also called evidence custodians. If this may be a civil case, you should still appoint a person to be the evidence custodian
Legally Seizing Computer Evidence
Computer evidence is like any other evidence in many ways. It's the same concept as a car that gets impounded in a drunk-driving case or a frying pan that gets seized in a domestic dispute case. In order to be admissible in court the evidence must be obtained legally. To be leagally obtained you must have a search warrant, and you must get that from a judge, and you must have probable cause for him/her to sign it.
In civil cases, the...