Digital Chain of Custody

Digital chain of custody is the record of preservation of digital evidence from collection to presentation in the court of law. This is an essential part of digital investigation process. Its key objective is to ensure that the digital evidence presented to the court remains as originally collected, without tampering. The chain of custody is important for admissible evidence in court. Without a chain of custody, the opposing attorney can challenge or dismiss the evidence presented. The aim of this paper is to provide a brief introduction to the concept of digital chain custody.

Download Full-text

A DESIGN OF DIGITAL CHAIN CUSTODY FOR REPUBLIC OF IRAQ

Iraqi Journal of Information & Communications Technology ◽

10.31987/ijict.3.3.108 ◽

2020 ◽

Vol 3 (3) ◽

pp. 24-32

Author(s):

Shireen M. Abed Zaid ◽

Bayan M. Sabbar

Keyword(s):

Conventional Method ◽

Digital Evidence ◽

Application Software ◽

Physical Evidence ◽

Chain Of Custody ◽

Problematic Issue ◽

A Chain ◽

Investigation Process ◽

Application Design

Chain of custody (COC) is a concept and process designed to ensure the integrity of evidence including digital evidence (DE). Also, it defines a set of procedures to document files according to its chronological [1]. In this paper, the authors design a Chain of custody application software in order to document all digital evidence in order to ensure its integrity. Thus, a chain of custody application design to document the digital evidence from the time it collected to the time where the evidence actually presented at the court to ensure the digital evidence integrity and authenticity. It can help the investigator to follow clear documentation during the investigation process because of the conventional method considered a problematic issue when it used for digital evidence. In addition to physical evidence and digital evidence have different features and characteristics.The Chain of Custody application for digital evidence is designed using the SQL and XML [3] schema approach to save case information and compute DE hash value. then compare it with its value stores in the COC tab. This solution comes as one of the solutions to enrich the existing solution of the digital chain of custody.

Download Full-text

RPAS Forensic Validation Analysis Towards a Technical Investigation Process: A Case Study of Yuneec Typhoon H

Sensors ◽

10.3390/s19153246 ◽

2019 ◽

Vol 19 (15) ◽

pp. 3246

Author(s):

Fahad E. Salamh ◽

Umit Karabiyik ◽

Marcus K. Rogers

Keyword(s):

Digital Evidence ◽

Digital Forensic ◽

Forensic Validation ◽

Aerial Vehicle ◽

Rapid Pace ◽

Forensic Artifacts ◽

Aerial Systems ◽

Admissible Evidence ◽

Investigation Process

The rapid pace of invention in technology and the evolution of network communication has produced a new lifestyle with variety of opportunities and challenges. Remotely Piloted Aerial Systems (RPAS) technology, which includes drones, is one example of a recently invented technology that requires the collection of a solid body of defensible and admissible evidence to help eliminate potential real-world threats posed by their use. With the advent of smartphones, there has been an increase in digital forensic investigation processes developed to assist specialized digital forensic investigators in presenting forensically sound evidence in the courts of law. Therefore, it is necessary to apply digital forensic techniques and procedures to different types of RPASs in order to create a line of defense against new challenges, such as aerial-related incidents, introduced by the use of these technologies. Drone operations by bad actors are rapidly increasing and these actors are constantly developing new approaches. These criminal operations include invasion of privacy, drug smuggling, and terrorist activities. Additionally, drone crashes and incidents raise significant concerns. In this paper, we propose a technical forensic process consisting of ten technical phases for the analysis of RPAS forensic artifacts, which can reduce the complexity of the identification and investigation of drones. Using the proposed technical process, we analyze drone images using the Computer Forensics Reference Datasets (CFReDS) and present results for the Typhoon H aerial vehicle manufactured by Yuneec, Inc. Furthermore, this paper explores the availability and value of digital evidence that would allow a more practical digital investigation to be able to build an evidence-based experience. Therefore, we particularly focus on developing a technical drone investigation process that can be applied to various types of drones.

Download Full-text

THE INTEGRATION OF DIGITAL FORENSICS SCIENCE AND ISLAMIC EVIDENCE LAWS

International Journal of Law, Government and Communication ◽

10.35631/ijlgc.417006 ◽

2019 ◽

Vol 4 (17) ◽

pp. 61-70

Author(s):

Mohamad Khairudin Kallil ◽

Ahmad Che Yaacob

Keyword(s):

Operating Procedure ◽

Digital Forensics ◽

Islamic Law ◽

Standard Operating Procedure ◽

Digital Evidence ◽

Standard Requirement ◽

Standard Operating ◽

Chain Of Custody ◽

Court Proceedings ◽

A Chain

Evidence is anything that tends to prove or disprove a fact at issue in legal action. It involves the offering of alleged proof through testimony or objects at court proceedings to persuade the trier of fact about an issue in dispute. Islamic Evidence Law is a body of rules that helps to govern conduct and determines what will admissible in certain legal proceedings and trials. In the proceeding that involves digital evidence, the court will consider whether the digital evidence is admissible or inadmissible depends on the requirements of admissibility stated in law statutes in force and the existence of any Standard Operating Procedure (SOP). Under section 33 of the Syariah Court (Federal Territories) Evidence Act or other Syariah Evidence Enactments, digital evidence is subjected to be authenticated by the digital forensics experts. In digital forensics, the process of identification, preservation, collection, analysis, and presentation is the main procedures contained in any Standard Operating Procedure (SOP) of any digital forensics services. The court will ensure that this procedure can maintain the authenticity and the originality of the evidence especially on the issue of expert qualification, a chain of custody and analysis part. Thus, digital forensics is integrated with the Islamic law of evidence to maintain justice in delivering judgment. Therefore, this article examines the standard requirement of the admissibility of digital evidence by digital forensic methodology by using the qualitative approach on the analysis of articles, books, law statutes documents and law cases. The results show that the need for amendment of Syariah Court Evidence and Procedure statutes and the necessity of the existence of Standard Operating Procedure (SOP) on digital evidence in the Syariah courts as a guideline for judges, lawyers and parties involved.

Download Full-text

Adoption of Chain of Custody Improves Digital Forensic Investigation Process

Iraqi Journal of Information & Communications Technology ◽

10.31987/ijict.1.2.14 ◽

2018 ◽

Vol 1 (2) ◽

pp. 13-23

Author(s):

Talib Mohammed Jawad

Keyword(s):

Practical Method ◽

Digital Evidence ◽

Successful Implementation ◽

Forensic Investigation ◽

Digital Forensic ◽

Experimental Environment ◽

Wide Range ◽

Chain Of Custody ◽

Acceptable Method ◽

Investigation Process

Chain of custody plays an important role in determine integrity of digital evidence, because the chain of custody works on a proof that evidence has not been altered or changed through all phases, and must include documentation on how evidence is gathered, transported, analyzed and presented. The aims of this work is first to find out how the chain of custody has been applied to a wide range of models of the digital forensic investigation process for more than ten years. Second, a review of the methods on digitally signing an evidence that achieves the successful implementation of chain of custody through answering a few questions "who, when, where, why, what and how", and thus providing digital evidence to be accepted by the court. Based on the defined aims an experimental environment is being setup to outline practically an acceptable method in chain of custody procedure. Therefore, we have adopted SHA512 for hashing and regarding encryption RSA and GnuGP is applied where according to the defined requirement a combination of this algorithms could be adopted as a practical method.

Download Full-text

Blockchain Based Digital Evidence Chain of Custody

Proceedings of the 2020 The 2nd International Conference on Blockchain Technology ◽

10.1145/3390566.3391690 ◽

2020 ◽

Author(s):

Wenqi Yan ◽

Jiachen Shen ◽

Zhenfu Cao ◽

Xiaolei Dong

Keyword(s):

Digital Evidence ◽

Chain Of Custody

Download Full-text

A Mobile-Oriented System for Integrity Preserving in Audio Forensics

Applied Sciences ◽

10.3390/app9153097 ◽

2019 ◽

Vol 9 (15) ◽

pp. 3097 ◽

Cited By ~ 2

Author(s):

Diego Renza ◽

Jaime Andres Arango ◽

Dora Maria Ballesteros

Keyword(s):

Computational Cost ◽

Digital Evidence ◽

Audio Signals ◽

Audio Forensics ◽

Audio Recordings ◽

Hash Code ◽

Chain Of Custody ◽

Code Changes ◽

Hash Codes

This paper addresses a problem in the field of audio forensics. With the aim of providing a solution that helps Chain of Custody (CoC) processes, we propose an integrity verification system that includes capture (mobile based), hash code calculation and cloud storage. When the audio is recorded, a hash code is generated in situ by the capture module (an application), and it is sent immediately to the cloud. Later, the integrity of the audio recording given as evidence can be verified according to the information stored in the cloud. To validate the properties of the proposed scheme, we conducted several tests to evaluate if two different inputs could generate the same hash code (collision resistance), and to evaluate how much the hash code changes when small changes occur in the input (sensitivity analysis). According to the results, all selected audio signals provide different hash codes, and these values are very sensitive to small changes over the recorded audio. On the other hand, in terms of computational cost, less than 2 s per minute of recording are required to calculate the hash code. With the above results, our system is useful to verify the integrity of audio recordings that may be relied on as digital evidence.

Download Full-text

Law Enforcement Authorities' Legal Digital Evidence Gathering: Legal, Integrity and Chain-of-Custody Requirement

2013 European Intelligence and Security Informatics Conference ◽

10.1109/eisic.2013.44 ◽

2013 ◽

Cited By ~ 1

Author(s):

Jyri Rajamaki ◽

Juha Knuuttila

Keyword(s):

Law Enforcement ◽

Digital Evidence ◽

Chain Of Custody ◽

Evidence Gathering

Download Full-text

Digital Evidence Cabinets: A Proposed Framework for Handling Digital Chain of Custody

International Journal of Computer Applications ◽

10.5120/18781-0106 ◽

2014 ◽

Vol 107 (9) ◽

pp. 30-36 ◽

Cited By ~ 3

Author(s):

Yudi Prayudi ◽

Ahmad Ashari ◽

Tri K Priyambodo

Keyword(s):

Digital Evidence ◽

Chain Of Custody

Download Full-text

A Cyber Crime Investigation Model Based on Case Characteristics

International Journal of Digital Crime and Forensics ◽

10.4018/ijdcf.2017100104 ◽

2017 ◽

Vol 9 (4) ◽

pp. 40-47

Author(s):

Zhi Jun Liu

Keyword(s):

Case Analysis ◽

Digital Evidence ◽

Cyber Crime ◽

Legal Requirements ◽

Model Based ◽

Early Stages ◽

Investigation Area ◽

Crime Investigation ◽

Digital Investigation ◽

Case Characteristics

In the early stages of the digital investigation of cyber crime, digital evidence is inadequate, decentralized and fragmented. Cyber crime investigation model based on case characteristics is presented in this paper, to help determine investigation orientation and reduce investigation area. Firstly, purifying and filtering the digital evidence collected, classification and acquirement of event sets are accomplished. Secondly, a method of imperfect induction is applied to analyze the event sets and construct one or more premises, and combining with the case characteristics extracted from the legal requirements, inference and its reliability are given. Finally, through a case analysis of network pyramid sales, the initial practice shows the model is feasible and has a consulting value with cyber crime investigation.

Download Full-text

Chain of Custody

The Forestry Chronicle ◽

10.5558/tfc73697-6 ◽

1997 ◽

Vol 73 (6) ◽

pp. 697-699

Author(s):

Tony Rotherham

Keyword(s):

Forest Product ◽

Forest Certification ◽

Product Certification ◽

Point Of Sale ◽

Chain Of Custody ◽

Problems And Solutions ◽

A Chain

A chain of custody provides a link between the forest of origin and the forest product at point of sale. Several systems have been proposed, strengths and weaknesses, problems and solutions are discussed.I will address two aspects of Chain of Custody.• What is it?• What benefits will it bring to Canadian forestry?Chain of Custody can be broadly defined as a system or way to provide a link between the Forest of Origin and a Forest Product at point of sale. Chain of Custody is usually associated with the broader subject of Forest Certification or Forest Product Certification. At least three types of approaches have been proposed. Each has its strengths and weaknesses.

Download Full-text