Chain of Custody

00:01

in this lesson, we'll talk about chain of custody, why it's required for enterprise security and how it's a useful. During legal proceedings,

00:09

we'll discuss what has to be recorded within a chain of custody,

00:13

how chain of custody effects, evidence, integrity

00:17

and the negative effects and incomplete chain of custody may have on the credibility of digital evidence.

00:24

Now that we've established a case complete with an easily identifiable case name,

00:29

what's the next step in the case management process?

00:35

The answer is creating a chain of custody for all. Case evidence is the first step. In any case, after establishing the case in the first place,

00:45

a chain of custody is a document or documents, which show every time, possession or control, often evidence item changes.

00:53

Chain of custody must answer the following questions about any given evidence item.

00:59

What is the evidence? How did you get it?

01:02

When was it collected?

01:03

Who has handled it?

01:06

Why did that person handle it? And where was it stored?

01:08

Thanks to Andrea, for tuna at Andrea, for tuna dot or for the list,

01:14

there's a chain of custody template attached to this lesson. As a supplemental resource. Let's take a look at this document now.

01:22

A typical chain of custody consists off

01:25

the stakeholder for whom the investigation is being conducted.

01:29

A project code or case name.

01:32

The Responsible Party, which is usually the party performing the collection.

01:37

The date and time that the evidence item was received or released.

01:42

The name and signature off the releasing party and the receiving party.

01:47

The evidence item number for each evidence item being either received or release,

01:53

as well as a description of each evidence item, which could include things like

02:00

the make and model, the serial number. The condition. So anything related to Marc's scratches, the condition in which the item was received,

02:10

or the user or owner off the evidence item,

02:15

plus any further comments.

02:17

So why is a chain of custody important for security case management?

02:24

Well,

02:25

evidence integrity is Priority one. When conducting an investigation,

02:30

even at the outset of an enterprise security case, when it may not yet be known, the full nature or extent often event or incident

02:39

evidence integrity must be maintained

02:43

very often. An event which seems only slightly suspicious or even benign, can result in litigation or otherwise end up in court

02:52

evidence without a well maintained chain of custody has compromised integrity. Therefore, any findings resulting from analysis off that evidence inherently less credible or potentially not credible at all

03:06

evidence and findings, which have little to no credibility, have very little value.

03:12

So maintaining evidence, integrity and well documented chain of custody off paramount importance in all security cases,

03:21

what are two things which should be recorded in a chain of custody?

03:28

As discussed earlier? There are many things which can be recorded, such as the Stakeholder Project code in case name, the responsible party,

03:36

dates and times received and released, etcetera.

03:39

In this lesson, we talked about chain of custody.

03:43

Why it's imperative during all enterprise security cases and how it is useful during legal activity,

03:51

we covered what must be recorded within a chain of custody, how chain of custody effects, evidence integrity,