© www.ijarcsse.com, All Rights Reserved Page | 117
International Journals of Advanced Research in
Computer Science and Software Engineering
ISSN: 2277-128X (Volume-7, Issue-7)
Digital Chain of Custody
Matthew N.O. Sadiku, Adebowale E. Shadare, and Sarhan M. Musa
Department of Electrical & Computer Engg., Prairie View A&M University, Prairie View, TX 77446, United States
Department of Engineering Technology, Prairie View A&M University, Prairie View, TX 77446, United States
Abstract: Digital chain of custody is the record of the preservation of digital evidence from collection to presentation in
a court of law. It is an essential part of the digital investigation process. Its key objective is to ensure that the digital
evidence presented to the court remains as originally collected, without tampering. The chain of custody is important
for the admissibility of evidence in court. Without a chain of custody, the opposing attorney can challenge or dismiss the
evidence presented. The aim of this paper is to provide a brief introduction to the concept of digital chain of custody.
Keywords: digital chain of custody, chain of digital evidence
In today’s digital world, the number of cybercrimes is on the rise due to an ever-increasing number of users of digital
and information technologies. Banking, insurance, large corporations, and social media have been the prime targets of
cybercrime. Increasing cybercrime forces law enforcement agents to find more accurate evidence. The crimes can be
disclosed through a series of digital forensic activities. In the process of forensic investigation, the integrity of digital
evidence is very important.
A chain of custody (CoC) (or chain of evidence) refers to the process of validating how any kind of evidence has been
gathered, tracked, and protected on its way to a court of law. It guarantees that the data presented is “as originally acquired,”
has not been tampered with, and is authentic prior to admission into evidence. Without a chain of custody, the
evidence is worthless. To prove chain of custody, you may need to provide a form detailing how the evidence was
handled every step of the way. A sound chain of custody is a procedure for producing chronological documentation (or a paper
trail) for the evidence. This documentation should cover how the data was gathered, transported, analyzed, and
preserved for production. A chain of custody failure or broken chain of custody (mishandling digital evidence) can cause
a litigation defeat.
In both civilian and military courts, proponents are required to verify the chain of custody of tangible evidence
before its admittance at trial. The conventional approach to chain of custody cannot be used to handle digital evidence
due to the peculiar characteristics of digital evidence.
II. ELEMENTS OF DCoC
There are five important elements in a digital chain of custody (DCoC) process:
Characteristics: These include the sources such as PC, digital devices, and cloud.
Dynamics: These include the people who are involved in the process, i.e., suspects, victims, law professionals, and
forensic investigators. Chain of custody has always been a people process.
Factors: These answer the following questions: What is the digital evidence? Where is the digital evidence?
Who handles the digital evidence? Why is it handled? When is the digital evidence handled? How is the digital
evidence handled? These questions can be answered using fingerprints, biometrics, time stamps, GPS locators, sets of
procedures, and best practices.
Institutions: These include law enforcement, military, security agencies, banks, insurance, corporate
institutions, and individuals.
Integrity: Techniques for ensuring the integrity of digital evidence include CRC (Cyclic Redundancy Check),
digital signature, encryption, timestamp, and watermarking.
Handling the chain of custody for digital evidence is harder than handling it for physical evidence. It involves
recording metadata as well as addressing access control and security throughout the handling of the digital chain of
custody. Quite often, chain of custody software is insufficient by itself to guarantee to the courts the quality and
authenticity of the digital evidence.
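The Factors and Integrity elements above can be combined in a tamper-evident custody log. The following is an added example, not code from the paper: each entry records the what/who/where/why/how/when answers with a timestamp and is linked to the previous entry by a SHA-256 hash (a cryptographic hash is used here in place of the CRC the paper lists). The field names, handler names, timestamps, and evidence bytes are constructed for illustration.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # prev_hash value used by the first entry (assumption)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _digest(body: dict) -> str:
    # Canonical JSON so the same fields always hash to the same value.
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_entry(log, evidence: bytes, who, where, why, how, when):
    """Append one custody event; `log` is a list of dict entries."""
    body = {
        "what": sha256_hex(evidence),  # hash of the evidence as handled
        "who": who, "where": where, "why": why, "how": how, "when": when,
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    log.append({**body, "entry_hash": _digest(body)})
    return log[-1]

def verify_chain(log, evidence: bytes):
    """Return (ok, reason): checks links, entry hashes and evidence hash."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev:
            return False, f"entry {i}: broken link to previous entry"
        if not hmac.compare_digest(_digest(body), entry["entry_hash"]):
            return False, f"entry {i}: record altered after it was written"
        if entry["what"] != sha256_hex(evidence):
            return False, f"entry {i}: evidence hash mismatch"
        prev = entry["entry_hash"]
    return True, "chain intact"

def demo():
    image = b"constructed sample: disk image bytes"  # constructed input
    log = []
    append_entry(log, image, "Investigator A", "Scene, PC-01", "seizure",
                 "write-blocked imaging", "2017-07-01T09:00:00Z")
    append_entry(log, image, "Lab Analyst B", "Forensic lab", "analysis",
                 "read-only mount of working copy", "2017-07-02T14:30:00Z")
    intact = verify_chain(log, image)
    log[0]["who"] = "Someone Else"  # simulate a record edited afterwards
    edited = verify_chain(log, image)
    return intact, edited

if __name__ == "__main__":
    print(demo())
```

A hash chain alone only detects edits by someone who cannot rewrite every later entry; anchoring the latest `entry_hash` with a digital signature or an external timestamp, both of which the Integrity element lists, closes that gap.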
The security aspects of authenticity, integrity, and confidentiality are important in law enforcement proceedings.
Authenticity can be defined as prevention, detection, and recovery requirements. Integrity is the condition of being whole
and unaltered. Confidentiality refers to information that needs to be treated secret from unauthorized
Legislation on criminal procedure in most nations was enacted before cybercrimes appeared, so cybercrimes were not taken
into account. Digital chain of custody requires proper training from the experts. Without it, a digital chain will produce
the same shortfalls as its physical counterpart, and people will try to cut corners to get things done.
Sadiku et al., International Journal of Advanced Research in Computer Science and Software Engineering 7(7)
ISSN(E): 2277-128X, ISSN(P): 2277-6451, DOI: 10.23956/ijarcsse/V7I6/01619, pp. 117-118
Maintaining that chain of custody is essential for the credibility of your digital evidence and eventual testimony. A
compromised chain can undo a legal proceeding and lay waste to years of investigation. Legal professionals should be
familiar with digital chain of custody so that they can challenge opponents who present invalid digital evidence. They should be
able to collect useful information that is compatible, consistent, and connected along the chain of custody.
ABOUT THE AUTHORS
Matthew N.O. Sadiku is a professor at Prairie View A&M University, Texas. He is the author of
several books and papers. He is a fellow of IEEE.
Adebowale Shadare is a doctoral student at Prairie View A&M University, Texas. He
is the author of several papers.
Sarhan M. Musa is a professor in the Department of Engineering Technology at Prairie View
A&M University, Texas. He has been the director of Prairie View Networking Academy, Texas, since 2004. He is an
LTD Spring and Boeing Welliver Fellow.