Research Article, July 2017
International Journal of Advanced Research in Computer Science and Software Engineering
ISSN: 2277-128X (Volume-7, Issue-7)
© www.ijarcsse.com, All Rights Reserved
Digital Chain of Custody
Matthew N.O. Sadiku¹, Adebowale E. Shadare², and Sarhan M. Musa³
¹,² Department of Electrical & Computer Engg., Prairie View A&M University, Prairie View, TX 77446, United States
³ Department of Engineering Technology, Prairie View A&M University, Prairie View, TX 77446, United States
DOI: 10.23956/ijarcsse/V7I6/01619
Abstract: Digital chain of custody is the record of preservation of digital evidence from collection to presentation in the court of law. It is an essential part of the digital investigation process. Its key objective is to ensure that the digital evidence presented to the court remains as originally collected, without tampering. The chain of custody is important for evidence to be admissible in court. Without a chain of custody, the opposing attorney can challenge or dismiss the evidence presented. The aim of this paper is to provide a brief introduction to the concept of digital chain of custody.
Keywords: digital chain of custody, chain of digital evidence
I. INTRODUCTION
In today’s digital world, the number of cybercrimes is on the rise due to an ever-increasing number of users of digital and information technologies. Banking, insurance, large corporations, and social media have been the prime targets of cybercrime. Increasing cybercrime forces law enforcement agents to find more accurate evidence. The crimes can be disclosed through a series of digital forensic activities [1]. In the process of forensic investigation, the integrity of digital evidence is very important.
A chain of custody (CoC) (or chain of evidence) refers to the process of validating how any kind of evidence has been gathered, tracked, and protected on its way to a court of law. It guarantees that the data presented is “as originally acquired”, has not been tampered with, and is authentic prior to admission into evidence [2]. Without a chain of custody, the evidence is worthless. To prove chain of custody, you may need to provide a form detailing how the evidence was handled at every step of the way. A sound chain of custody is a procedure for chronologically documenting (a paper trail) what happened to the evidence. This documentation should cover how the data was gathered, transported, analyzed, and preserved for production. A chain of custody failure or broken chain of custody (mishandling digital evidence) can cause a litigation defeat.
In both civilian and military courts, proponents are required to verify the chain of custody of tangible evidence before its admittance at trial [3]. The conventional approach to chain of custody cannot be used to handle digital evidence due to the peculiar characteristics of digital evidence.
II. ELEMENTS OF DCoC
There are five important elements in a digital chain of custody (DCoC) process [4]:
Characteristics: These include the sources of evidence, such as PCs, digital devices, and the cloud.
Dynamics: These include the people who are involved in the process, i.e. suspect, victim, law professionals, and forensic investigators. Chain of custody has always been a people process.
Factors: These answer the following questions: What is the digital evidence? Where is the digital evidence? Who handled the digital evidence? Why was it handled? When was the digital evidence handled? How was the digital evidence handled? These questions can be answered using fingerprints, biometrics, timestamps, GPS locators, a set of procedures, and best practices.
Institutions: These include law enforcement, the military, security agencies, banks, insurance companies, corporate institutions, and individuals.
Integrity: Techniques for ensuring the integrity of digital evidence include CRC (cyclic redundancy check), digital signatures, encryption, timestamps, and watermarking.
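The Factors element (who, what, where, why, when, how) and the Integrity element (checksums, hashes, signatures, timestamps) can be combined into a single machine-verifiable custody record. The following Python example is added here and is not code from the paper or from any of the works it cites. It records a CRC32 and a SHA-256 fingerprint of a constructed piece of evidence, writes one custody entry per handling step answering the six questions, links each entry to the previous one by hash, and authenticates each entry with an HMAC under a hypothetical custodian key (a stand-in for the per-custodian digital signature a real system would use). Verification then detects both evidence that no longer matches what was collected and a custody log that was rewritten after the fact. All names, keys, timestamps and evidence bytes are constructed for illustration.

```python
import copy
import hashlib
import hmac
import json
import zlib
from datetime import datetime, timezone

# Constructed sample evidence (a fabricated device log line), not real case data.
EVIDENCE = b"2017-07-01T09:14:22Z login user=alice src=10.0.0.5 result=ok\n"

# Hypothetical custodian key. A real deployment would use per-custodian
# private keys and a digital signature; HMAC stands in for that here.
CUSTODIAN_KEY = b"example-custodian-key-not-for-production"

GENESIS = "0" * 64  # link value for the first record in a chain


def fingerprint(data):
    """Return a CRC32 and a SHA-256 of the evidence bytes.

    CRC32 only catches accidental corruption; the SHA-256 is what the custody
    record relies on to show the evidence is still 'as originally acquired'."""
    return {
        "crc32": format(zlib.crc32(data) & 0xFFFFFFFF, "08x"),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def _canonical(body):
    # Deterministic serialization so every party hashes the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_entry(prev_hash, who, what, where, why, how, evidence, when=None):
    """One custody record answering who/what/where/why/when/how, linked to the
    previous record by its hash and authenticated with the custodian key."""
    body = {
        "prev": prev_hash,
        "who": who, "what": what, "where": where, "why": why, "how": how,
        "when": when or datetime.now(timezone.utc).isoformat(),
        "evidence": fingerprint(evidence),
    }
    canonical = _canonical(body)
    return {
        "body": body,
        "hash": hashlib.sha256(canonical).hexdigest(),
        "tag": hmac.new(CUSTODIAN_KEY, canonical, hashlib.sha256).hexdigest(),
    }


def verify_chain(chain, evidence):
    """Re-derive every link, hash and tag, and confirm the evidence presented
    now matches the fingerprint recorded in every custody entry.
    Returns (ok, reason)."""
    expected = hashlib.sha256(evidence).hexdigest()
    prev = GENESIS
    for i, entry in enumerate(chain):
        body = entry["body"]
        canonical = _canonical(body)
        if body["prev"] != prev:
            return False, f"entry {i}: broken link to previous record"
        if hashlib.sha256(canonical).hexdigest() != entry["hash"]:
            return False, f"entry {i}: record hash mismatch (record altered)"
        tag = hmac.new(CUSTODIAN_KEY, canonical, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, entry["tag"]):
            return False, f"entry {i}: authentication tag mismatch"
        if body["evidence"]["sha256"] != expected:
            return False, f"entry {i}: evidence presented differs from evidence recorded"
        prev = entry["hash"]
    return True, "chain intact"


def build_sample_chain(evidence=EVIDENCE):
    """Constructed three-step custody history: acquisition, storage, analysis."""
    steps = [
        ("investigator A", "acquired disk image", "suspect PC, lab bay 2",
         "seizure warrant", "write-blocked imaging", "2017-07-01T10:00:00+00:00"),
        ("evidence clerk B", "stored image", "evidence locker 7",
         "custody transfer", "sealed bag, signed receipt", "2017-07-01T12:30:00+00:00"),
        ("analyst C", "analyzed image", "forensic workstation",
         "examination", "read-only mount", "2017-07-02T08:15:00+00:00"),
    ]
    chain, prev = [], GENESIS
    for who, what, where, why, how, when in steps:
        entry = make_entry(prev, who, what, where, why, how, evidence, when)
        chain.append(entry)
        prev = entry["hash"]
    return chain


def tamper_entry(chain, index, field, value):
    """Return a copy of the chain with one record field altered after the fact
    (used to show that verification notices a rewritten custody log)."""
    altered = copy.deepcopy(chain)
    altered[index]["body"][field] = value
    return altered


if __name__ == "__main__":
    chain = build_sample_chain()
    print(verify_chain(chain, EVIDENCE))                                   # intact
    print(verify_chain(chain, EVIDENCE.replace(b"alice", b"bob")))         # evidence changed
    print(verify_chain(tamper_entry(chain, 1, "who", "unknown"), EVIDENCE))  # log rewritten
```

The hash link means a record cannot be inserted, removed or reordered without every later record changing, and the authentication tag means a record cannot be edited without the custodian key; together they cover the "paper trail" the paper describes. In practice the timestamps would come from a trusted time source and the tag would be a signature verifiable by the court without sharing any secret.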
III. ISSUES
Handling the chain of custody for digital evidence is harder than handling physical evidence. It involves recording metadata as well as issues of access control and security for all handling within the digital chain of custody [5]. Quite often, chain of custody software is insufficient by itself to guarantee to the courts the quality and authenticity of that digital evidence.
The security aspects of authenticity, integrity, and confidentiality are important in law enforcement proceedings. Authenticity can be defined in terms of prevention, detection, and recovery requirements. Integrity is the condition of being whole and unaltered. Confidentiality refers to information that needs to be kept secret from unauthorized entities [6].
Legislation on criminal procedure in most nations was enacted before cybercrime appeared, so cybercrime was not taken into account. Digital chain of custody requires proper training from experts. Without it, a digital chain will suffer the same shortfalls as its physical counterpart, and people will try to cut corners to get things done.
IV. CONCLUSION
Maintaining the chain of custody is essential for the credibility of your digital evidence and eventual testimony. A compromised chain can undo a legal proceeding and lay waste to years of investigation. Legal professionals should be familiar with digital chain of custody so that they can challenge opponents who present invalid digital evidence. They should be able to collect useful information that is compatible, consistent, and connected along the chain of custody.
REFERENCES
[1] Y. Prayudi and S. N. Azhari, “Digital chain of custody: state of the art,” International Journal of Computer Applications, vol. 114, no. 5, March 2015, pp. 1-9.
[2] A. Stone, “Chain of custody: How to ensure digital evidence stands up in court,” September 2015, https://www.govtechworks.com/chain-of-custody-how-to-ensure-digital-evidence-stands-up-in-court/#gs.tWBwS84
[3] D. A. Schum, G. Tecuci, and M. Boicu, “Analyzing evidence and its chain of custody: a mixed-initiative computational approach,” International Journal of Intelligence and CounterIntelligence, vol. 22, no. 2, 2009, pp. 298-319.
[4] J. Cosic, Z. Cosic, and M. Baca, “An ontological approach to study and manage digital chain of custody of digital evidence,” Journal of Information and Organizational Sciences, vol. 35, no. 1, 2011, pp. 1-13.
[5] Y. Prayudi, A. Ashari, and T. K. Priyambodo, “Digital evidence cabinets: A proposed framework for handling digital chain of custody,” International Journal of Computer Applications, vol. 107, no. 9, December 2014, pp. 30-36.
[6] M. Schäler, S. Schulze, and S. Kiltz, “Database-centric chain-of-custody in biometric forensic systems,” in C. Vielhauer et al. (eds.), Biometrics and ID Management, Lecture Notes in Computer Science, vol. 6583, Springer, 2011, pp. 250-261.
ABOUT THE AUTHORS
Matthew N.O. Sadiku (sadiku@ieee.org) is a professor at Prairie View A&M University, Texas. He is the author of several books and papers. He is a fellow of IEEE.
Adebowale Shadare (shadareadebowale@yahoo.com) is a doctoral student at Prairie View A&M University, Texas. He is the author of several papers.
Sarhan M. Musa (smmusa@pvamu.edu) is a professor in the Department of Engineering Technology at Prairie View A&M University, Texas. He has been the director of Prairie View Networking Academy, Texas, since 2004. He is an LTD Spring and Boeing Welliver Fellow.