Identify Chain of Custody Roles and Requirements

Learning Objectives and Outcomes

• Describe the requirements of a chain of custody.
• Differentiate the roles of people involved in evidence seizure and handling.

Assignment Requirements

You are a digital forensics intern at Azorian Computer Forensics, a privately owned forensics investigations and data recovery firm in the Denver, Colorado area. Azorian has been called to a client's site to work on a security incident involving five laptop computers. You are assisting Pat, one of Azorian's lead investigators. Pat is working with the client's IT security staff team leader, Marta, and an IT staff member, Suhkrit, to seize and process the five computers. Marta is overseeing the process, whereas Suhkrit is directly involved in handling the computers.

The computers must be removed from the employees' work areas and moved to a secure location within the client's premises. From there, you will assist Pat in preparing the computers for transporting them to the Azorian facility.

BACKGROUND

Chain of Custody

Evidence is always in the custody of someone or in secure storage. The chain of custody form documents who has the evidence in their possession at any given time. Whenever evidence is transferred from one person to another or one place to another, the chain of custody must be updated.

A chain of custody document shows:

• What was collected (description, serial numbers, and so on)
• Who obtained the evidence
• Where and when it was obtained
• Who secured it
• Who had control or possession of it

The chain of custody requires that, for every transfer of evidence, it be provable that nobody else could have accessed that evidence. It is best to keep the number of transfers as low as possible.

Chain of Custody Form

Fields in a chain of custody form may include the following:

• Case
• Reason evidence was obtained
• Name
• Title
• Address from person received
• Location obtained from
• Date/time obtained
• Item number
• Quantity
• Description

For each evidence item, include the following information:

• Item number
• Date
• Released by (signature, name, title)
• Received by (signature, name, title)
• Purpose of chain of custody
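
The released-by/received-by entries above can be checked mechanically for gaps. The following is an added example, not part of the original assignment: it audits a custody log for missing signatures, breaks in continuity, and out-of-order timestamps. The Transfer record, the role names, and the sample log are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Transfer:
    item: str          # item number on the form
    when: datetime     # date/time of the hand-off
    released_by: str   # signer releasing the item ("" if signature missing)
    received_by: str   # signer receiving the item ("" if signature missing)

def audit_chain(entries):
    """Check form entries in recorded order; return a list of findings."""
    findings = []
    last = {}  # item number -> most recent Transfer seen for that item
    for e in entries:
        tag = f"item {e.item} @ {e.when:%Y-%m-%d %H:%M}"
        if not e.released_by.strip() or not e.received_by.strip():
            findings.append(f"{tag}: missing signature")
        elif e.released_by == e.received_by:
            findings.append(f"{tag}: same person released and received")
        prev = last.get(e.item)
        if prev is not None:
            # The releaser must be whoever last signed for the item.
            if e.released_by and e.released_by != prev.received_by:
                findings.append(f"{tag}: released by {e.released_by}, "
                                f"but last recorded holder is {prev.received_by}")
            if e.when < prev.when:
                findings.append(f"{tag}: timestamp earlier than previous entry")
        last[e.item] = e
    return findings

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample log (roles and times are invented for illustration).
SAMPLE = [
    Transfer("001", ts("2024-03-04 09:10"), "Collector", "Custodian"),
    Transfer("001", ts("2024-03-04 14:30"), "Custodian", "Courier"),
    Transfer("001", ts("2024-03-04 16:05"), "Courier", "Lab Intake"),
    Transfer("002", ts("2024-03-04 09:20"), "Collector", "Custodian"),
    Transfer("002", ts("2024-03-04 14:30"), "Courier", "Lab Intake"),  # gap
    Transfer("002", ts("2024-03-04 15:00"), "Lab Intake", ""),         # unsigned
]

if __name__ == "__main__":
    for line in audit_chain(SAMPLE):
        print(line)
```

Item 001 passes cleanly; item 002 is flagged once for a hand-off by someone who never signed for it and once for a missing receiving signature.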

For this assignment:

Walk through the process of removal of computers from employees' work areas to the client's secure location and eventually to the Azorian facility. Who might have possession of the computers during each step? Sketch a rough diagram or flow chart of the process.

Each transfer of possession requires chain of custody documentation. Each transfer requires a signature from the person releasing the evidence and the person receiving the evidence. Include the from/to information in your diagram or flow chart.

Required Resources

• Course textbook
• Internet

Submission Requirements

• Format: Microsoft Word
• Font: size 12, double-space
• Length: 1 page

Self-Assessment Checklist

• I have understood the process adequately and reflected my knowledge in a diagram or flow chart.
• I have included two people or roles in each transfer of the evidence.