Back to Blog

What is Chain of Custody?

Sean Stapleton

When it comes to resolving a legal situation, a claimant is positioned to make a strong case if they have properly authenticated evidence.

Chain of custody is a legal tool designed to ensure that evidence is authentic and intact from the moment it was collected. Chain of custody involves validating how evidence was collected, cataloged, stored, and protected prior to its appearance within a court of law. When chain of custody is followed, it confirms the evidence has not been corrupted and is indeed authentic. If chain of custody is not followed, evidence becomes useless.

Before the widespread use of digital technology, chain of custody was applied to physical objects. As forensic science and investigative techniques evolved, the practices to establish and maintain a reliable chain of custody have become dependable.

Today, chain of custody is increasingly being applied to electronic and digital records, including emails, social media posts, company web pages, digital audio, and video recordings. Even though the type of evidence is different, time-tested chain of custody procedures are still effective when it comes to maintaining the integrity of evidence discovered during an investigation. However, the conventional chain of custody approach cannot be applied to digital evidence because of the distinct qualities of digital evidence.

What is Chain of Custody?

To put it in everyday terms, chain of custody is similar to the process that allows us to track shipments through the postal service, FedEx, and other delivery providers. Tracking platforms allow us to see what a shipment contained, where a package originated, where it stopped along the way, and when it was delivered. More sophisticated commercial tracking platforms provide more granular detail, including who handled a shipment, when the shipment was inspected, and the condition of the shipment along various points along the route.

With chain of custody, every person that handles a piece of evidence must document their actions. This is typically done using a standard form. Documentation should lay out how the evidence was collected, transferred, assessed, and stored for later use.

There are five critical elements that are used to establish a valid digital chain of custody. First, the source of the evidence, such as a PC or smartphone, must be identified. Second, the people involved in the chain of custody must also be identified.

Third, the who, what, when, where, why, and how related to the piece of evidence must be identified. Collectively, these are known as the "factors" and they can be identified using timestamps, GPS data, biometric data, or other types of confirming information.

Fourth, the institutions related to the chain of custody must be identified. Institutions may include companies, law enforcement, military agencies, and individuals.

Fifth and finally, integrity must be ensured. This can be done using digital signatures, encryption, and timestamps.

Once completed, this form acts as a chronological document that lays out the entire chain of custody for a specific piece of evidence. Establishing and maintaining a chain of custody for digital evidence is more challenging than it is for physical evidence, as digital manipulation is easier to achieve and alterations can be more difficult to detect. Therefore, it is essential to have precautions and security measures in place. In both military and civilian legal systems, representatives must be able to confirm the chain of custody for their evidence before it can be accepted at court.

What are the Potential Challenges?

When the court looks at the chain of custody for a piece of evidence, it is looking to confirm authenticity, confidentiality, and integrity. For authenticity, a court needs to see proof that a piece of evidence is what it is claimed to be. For confidentiality, a court needs to see that the evidence has been kept secret from unauthorized parties. The court also wants to see that the evidence has been kept whole and unaltered.

Preserving a chain of custody for physical evidence is easier than it is for digital evidence. A digital chain of custody is dependent on the integrity of recorded time stamps and other forms of metadata. It also involves access control and secure handling procedures. While there is chain of custody software available, many courts do not see it as a standalone solution.

Furthermore, the rules on court proceedings in most countries were developed long before digital technology and cybercrime. Emergence of these phenomena in the past few decades means that older law enforcement and legal professionals likely require proper training on digital chain of custody. If law enforcement or legal professionals aren't familiar with the digital side of chain of custody, it could seriously affect any legal proceedings involving digital evidence.

Ultimately, a broken or misinterpreted digital chain of evidence could undo a legal proceeding that has been underway for years or even decades.

How can MirrorWeb Help?

The archiving solutions at MirrorWeb have been designed with chain of custody and eDiscovery in mind. If you are looking to minimize your liability, visit our homepage today to schedule a consultation.

More from the Blog

How the SEC Keeps Raising the Stakes on Mobile Messaging

A closer look at the investigation timeline, and why it continues to escalate.

Read Story

How RegTech Platforms Can Adapt to the Modern Working World

Many of the current generation of communications surveillance platforms were built 20 years ago. How can compliance tools keep up with the world they were built to regulate?

Read Story

Introducing Archive Compare

Next in our MirrorWeb Insight Feature Spotlight series, we'll take you through Archive Compare.

Read Story

See what we can do for you.

Let us show you why MirrorWeb is trusted by organizations across the globe for their compliance and digital preservation needs.