Published On: 20th January 20226.4 min readTags: , , , ,

What is Chain of Custody?

When presenting digital evidence in a court of law, an official record must be provided, validating the integrity of the evidence. There is a specific order that evidence must be handled in during an investigation, which is referred to as chain of custody. The chain of custody is essentially a paper trail for digital evidence, detailing each move the evidence has made, from collection to presentation. It also provides information on the date and time at which the evidence has been accessed and transferred, and by whom.

Evidence that has been handled outside of the chain of custody is susceptible to being altered or tampered with, which is detrimental to a criminal case. The evidence can be dismissed or challenged if the individual presenting the evidence is unable to provide valid proof of chain of custody. This applies to both physical and digital evidence, including surveillance video, audio recordings and images.


How Does Chain of Custody Work?

There are several different stages within the chain of custody that all must be thoroughly documented. These include:

  • Collection: This refers to when the evidence was obtained and must include how and when it was collected, where it was stored, and who is able to access it.
  • Examination: This occurs during the forensic process and shows the tasks that were completed while the evidence was being reviewed.
  • Analysis: After examining the evidence, it is then analyzed to derive useful information that can be used within an investigation.
  • Reporting: Lastly, the sources of data, tools used, method of extraction, and any issues encountered during processing of the evidence must all be recorded to ensure chain of custody has been maintained.
How Chain of Custody Works

Which chain of custody?

In this Beginner’s Guide, we will be focusing on “chain of custody” in the context of digital evidence and criminal investigation. However, it is important to mention that the term “chain of custody” isn’t confined to these areas. It is also used in several other instances, such as clinical trials of new drugs and vaccines, in the tracing of food products to ensure they were ethically sourced, in tracing missing letters, parcels or other postal products, or in the seizure of valuable items by customs, income tax, or revenue departments. In this guide, what is referred to as “evidence” may simply just be “information” in the context of these other use cases.

Within the forensics and criminal investigation field, mass amounts of digital evidence are collected, accessed, shared, and stored on a regular basis. Therefore, investigators often rely on digital evidence management solutions to help them oversee all of their data. Many of these solutions are capable of maintaining a complete chain of custody for digital evidence to ensure its integrity.

Check out our Digital Evidence Management Beginner’s Guide to learn more about how these solutions work and the benefits they provide.

What Are the Benefits of Chain of Custody?

Tracking the chain of custody for digital evidence is not only legally required, but also offers several advantages. These include:

StorMagic ARQvault and Chain of Custody

StorMagic ARQvault is the industry’s first Active Intelligent Repository. It enables organizations to gather data from anywhere, store it forever, and find it fast. Used in tandem with one or more of our Digital Evidence Management Modules (i.e. File Ingest, In-Car, Body Cam, Interview Room) ARQvault can be configured as a digital evidence management solution.

StorMagic ARQvault Digital Evidence Management solutions provide a full chain of custody report, to ensure that evidence being presented is the same as when it was originally ingested. It makes it impossible for any piece of evidence to be modified and shows the movement of evidence across storage, including when it was accessed and who accessed it. It also details who has added metadata or changed permissions.

ARQvault also maintains the integrity of digital evidence through multiple levels of security – at the vault, storage, and file levels – as well as a digital fingerprint. It integrates with Active Directory or local authentication to provide a complete audit trail.

To learn more about StorMagic ARQvault Digital Evidence Management solutions, visit our product page and download a copy of our ARQvault DEM data sheet and solution brief.


Share This Post, Choose Your Platform!