What is chain of custody (COC)? And what is the importance of chain of custody for digital forensic investigation?
Chain of custody (CoC) refers to the process of maintaining and documenting the chronological sequence of possession and control of physical or digital evidence, from creation until its final use often presentation in court of law. The digital chain of custody consists of a comprehensive history of data location changes, possession changes, manipulations, accesses, state changes, and so on. It is an important documentation that shows the acquisition, storage, control, and analysis of evidence and is often required if the evidence is going to be presented in legal proceedings or court-of-law.
The key to an effective and successful forensic investigation is the establishment of a dependable chain of custody (CoC). Once digital evidence has been collected, the highest priority is preserving its integrity and it is defined in the chain of custody. Furthermore, the entire chain of custody must be documented in precise detail and include how evidence was protected against tampering through every step of the investigation process.
The purpose of chain of custody procedures is to demonstrate the integrity of the investigation. However, the chain of custody does not ensure that information has not modified in any way, it rather proves that the changes made to the digital evidence were done in a controlled way that did not interfere with the integrity and authenticity of the information.