The chain of custody, also known as the chain of evidence, provides a paper trail that tracks each time someone handles a piece of physical evidence. In the case of digital forensics, this might include the original hard drive or other primary evidence collected by investigators and used for later analysis. In this video, learn how to maintain a chain of custody for electronic evidence.
- When evidence is used in court or another formal setting,…both parties involved in a dispute…have the right to ensure that the evidence presented…has not been tampered with during the collection,…analysis, or storage process.…We've already discussed how hashing can be used…to verify that digital evidence has not changed.…The chain of custody also plays an important role…in ensuring the authenticity of evidence.…The chain of custody, also known as the chain of evidence,…provides a paper trail that tracks each time…someone handles a piece of physical evidence.…
In the case of digital forensics,…this might include the original hard drive…or other primary evidence collected by investigators…and used for later analysis.…When collecting physical evidence,…the evidence should always be placed…in an evidence storage bag…or other container that is labeled…with the date, time, and location of collection;…the name of the person collecting the evidence,…and the contents of the storage bag.…It should then be sealed with a tamper-resistant seal…
- Building an incident response program
- Escalation and notification
- eDiscovery process
- Conducting investigations
- System and file forensics
- Reporting and documenting incidents
- Business continuity planning
- Validating backups
- Testing BC/DR plans
Skill Level Intermediate
Q: This course was updated on 06/01/2018. What changed?
A: We updated three videos, covering creating an incident response program, communications plan, and response team.