IS4670 Cybercrime Forensics
Unit 4 Assignment 1
Identify Chain of Custody Roles and Requirements
Chain Of Custody
What is chain of custody? Chain of custody is the documentation that identifies the changes in the control, handling, possession, ownership, or custody of a piece of evidence. Itâ€™s very important to maintain a chain of custody for evidence especially computer evidence. You must be able to keep track of your evidence from the time you collect it until the time it is to be presented in court or at a corporate briefing. No matter where it takes you.
When collecting the evidence, you will need to tag it with an evidence tag. An evidence tag must ...view middle of the document...
In civil cases, the organization should have a incident response plan that should be followed. Even with civil cases, the federal and state laws related to search and seizure may come into play. If the case relates to fraud, security breaches, or privacy infringements it may become a legal matter.
In both criminal and civil cases, evidence must be:
Legally obtain â€“ Obey the instructions in the search warrant or incident response plan.
Complete â€“ Donâ€™t leave behind computer evidence even if you think it might exonerate the suspect, even if you think the suspect is an awful person. Stay objective.
Reliable â€“ The evidence must be untainted. It should remain unchanged from its original state. Carefully following procedures will help you ensure that computer evidence doesn't get altered, deleted, enlarged, or changed in any way. Maintaining the chain of custody will also ensure that evidence remains reliable.
Authentic â€“ It has to be the real thing, not a fake.
Believable â€“ A jury and a judge (or corporate managers and auditors) need to understand and accept the evidence. Sometimes this is challenging with highly technical computer evidence.
If any of those are not met the evidence could be thrown out and the case could dismissed.
Evaluating, Securing, and Documenting the Crime Scene
First things first: make sure that you are safe. Non-tech savvy people often think of computer crime scenes are nerds or geeks at their laptops. Computers have become part of a crime scene for many reasons being that technology is so prevalent that conventional criminals, as well as terrorists, use computers to plan their crimes. Take for instance when the military went after Osama Bin Ladin, he had computers and hardrives that were collected.
Evaluate the scene for any danger to yourself and co-workers. If need be, make sure to get medical treatment for anyone that may be injured. Police investigators maybe arresting suspects and escorting them off the premises. If that is the case then you must wait till all this is taken care of before clearing the scene of unnecessary people and then walk around the crime scene to get an idea of may have happened. Mark the perimeter of the scene with crime-scene tape and post a guard if itâ€™s necessary.
The next step should be to recognize computer evidence. Technology shows up in all sorts of places. Evaluate the scene for possible places that digital evidence can reside, including: