Chain of Custody


Time
1 hour 34 minutes
Difficulty
Advanced
CEU/CPE
1
Video Transcription
00:01
In this lesson, we'll talk about chain of custody, why it's required for enterprise security and how it's useful during legal proceedings.
00:09
We'll discuss what has to be recorded within a chain of custody,
00:13
how chain of custody affects evidence integrity,
00:17
and the negative effects an incomplete chain of custody may have on the credibility of digital evidence.
00:24
Now that we've established a case, complete with an easily identifiable case name,
00:29
what's the next step in the case management process?
00:35
The answer is creating a chain of custody for all case evidence. This is the first step in any case, after establishing the case in the first place.
00:45
A chain of custody is a document or documents which show every time possession or control of an evidence item changes.
00:53
Chain of custody must answer the following questions about any given evidence item.
00:59
What is the evidence? How did you get it?
01:02
When was it collected?
01:03
Who has handled it?
01:06
Why did that person handle it? And where was it stored?
01:08
Thanks to Andrea Fortuna at andreafortuna.org for the list.
01:14
There's a chain of custody template attached to this lesson as a supplemental resource. Let's take a look at this document now.
01:22
A typical chain of custody consists of
01:25
the stakeholder for whom the investigation is being conducted,
01:29
a project code or case name,
01:32
the responsible party, which is usually the party performing the collection,
01:37
the date and time that the evidence item was received or released,
01:42
the name and signature of the releasing party and the receiving party,
01:47
the evidence item number for each evidence item being either received or released,
01:53
as well as a description of each evidence item, which could include things like
02:00
the make and model, the serial number, the condition (so anything related to marks, scratches, the condition in which the item was received),
02:10
or the user or owner of the evidence item,
02:15
plus any further comments.
02:17
So why is a chain of custody important for security case management?
02:24
Well,
02:25
evidence integrity is priority one when conducting an investigation.
02:30
Even at the outset of an enterprise security case, when the full nature or extent of an event or incident may not yet be known,
02:39
evidence integrity must be maintained.
02:43
Very often, an event which seems only slightly suspicious or even benign can result in litigation or otherwise end up in court.
02:52
Evidence without a well-maintained chain of custody has compromised integrity. Therefore, any findings resulting from analysis of that evidence are inherently less credible, or potentially not credible at all.
03:06
Evidence and findings which have little to no credibility have very little value.
03:12
So maintaining evidence integrity and a well-documented chain of custody is of paramount importance in all security cases.
03:21
What are two things which should be recorded in a chain of custody?
03:28
As discussed earlier, there are many things which can be recorded, such as the stakeholder, project code and case name, the responsible party,
03:36
dates and times received and released, etc.
03:39
In this lesson, we talked about chain of custody.
03:43
why it's imperative during all enterprise security cases, and how it is useful during legal activity.
03:51
We covered what must be recorded within a chain of custody, how chain of custody affects evidence integrity,
03:57
as well as the negative effects a broken chain of custody can have on the credibility of digital evidence.