Digital evidence (help)

(@edogawa)
Posts: 2
New Member
Topic starter
 

Regards,

I'm a Spanish student who is in the final year of the degree of private investigation and the subject of my final degree work is "chain of custody of digital evidence," the process since you get a digital test until it is deposited in the court (should preserve the integrity of the source and process, etc.). At work I have to talk about the cryptographic hash (an alphanumeric code calculated through a mathematical algorithm used to ensure the integrity of the test as if amending a bit of a fully digital information code changes). Also I have to mention and other metadata.

The structure of the work consists of a comparison of several chains of custody (that is an issue that is not regulated and therefore I will speak with experts, experts, detectives, etc.), analyze them and choose what I believe which is more correct. Then I'll make a recording on a practical chain of custody will apply where you have chosen above (with the hash and so on).

Having said that, my question is:

Could you give me some information on the subject or tell me any book or any source to find information about it?

Thank you.

 
Posted : 25/08/2015 11:35 pm
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

In terms of chain of custody, this will be the same for digital evidence as pretty much all other evidence.
For the UK version the following may be useful

Here

 
Posted : 26/08/2015 11:19 am
(@edogawa)
Posts: 2
New Member
Topic starter
 

Hi minime2k9,

Thanks for your answer! :)

 
Posted : 26/08/2015 2:53 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I don't think that there will be any difference *anywhere*, if not maybe the actual forms/paperwork connected to the COC (Chain of Custody).

After all it is basically 4 (four) points:
RFC 3227
http://www.rfc-base.org/rfc-3227.html
https://www.ietf.org/rfc/rfc3227.txt

4 The Archiving Procedure

Evidence must be strictly secured. In addition, the Chain of Custody
needs to be clearly documented.

4.1 Chain of Custody

You should be able to clearly describe how the evidence was found,
how it was handled and everything that happened to it.

The following need to be documented:

- Where, when, and by whom was the evidence discovered and
collected.

- Where, when and by whom was the evidence handled or examined.

- Who had custody of the evidence, during what period. How was
it stored.

- When the evidence changed custody, when and how did the
transfer occur (include shipping numbers, etc.).

… don't use acronyms and use a pen, not a pencil ;)
http://www.houstontx.gov/health/Lab/Initiating%20and%20Maintaining%20a%20Chain%20of%20Custody%20Document.pdf

https://web.archive.org/web/20070623154513/http://www.houstontx.gov/health/Lab/Chain%20of%20Custody.pdf

jaclaz

 
Posted : 27/08/2015 1:43 pm
(@athulin)
Posts: 1156
Noble Member
 

> At work I have to talk about the cryptographic hash (an alphanumeric code calculated through a mathematical algorithm used to ensure the integrity of the test as if amending a bit of a fully digital information code changes). Also I have to mention and other metadata.

You may want to consider that a hash sum does not do anything to ensure integrity of anything, unless there are additional processes that provide that.

A digital signature would do better.

 
Posted : 27/08/2015 9:56 pm
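
The point made in the post above, as an added example that is not part of the original thread: a digest stored beside the evidence can be recomputed by anyone able to edit both, so the check only means something once the record is authenticated. Python's standard library has no asymmetric signing, so an HMAC under a custodian-held key stands in here for the digital signature (with a real signature, verifiers would not hold the signing key). All names, the key and the sample data are constructed for illustration; the record fields follow the RFC 3227 section 4.1 list quoted earlier in the thread.

```python
import hashlib
import hmac
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _tag(record: dict, key: bytes) -> str:
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def add_entry(log, evidence, who, when, where, action, key):
    """Append a custody record (RFC 3227 4.1 fields) chained to the previous one."""
    record = {"who": who, "when": when, "where": where, "action": action,
              "sha256": sha256_hex(evidence),
              "prev": log[-1]["tag"] if log else ""}
    record["tag"] = _tag(record, key)  # keyed tag over all fields, incl. the hash
    log.append(record)

def hash_only_check(evidence, log) -> bool:
    """Bare hash: only compares the evidence with the digest stored beside it."""
    return bool(log) and sha256_hex(evidence) == log[-1]["sha256"]

def authenticated_check(evidence, log, key) -> bool:
    """Verify every record's tag and chain link, then the evidence digest."""
    prev = ""
    for record in log:
        body = {k: v for k, v in record.items() if k != "tag"}
        if body.get("prev") != prev:
            return False
        if not hmac.compare_digest(_tag(body, key), record.get("tag", "")):
            return False
        prev = record["tag"]
    return hash_only_check(evidence, log)

def rewrite_digests(log, new_evidence):
    """Model of an edit by someone who can write to the log but lacks the key."""
    return [{**r, "sha256": sha256_hex(new_evidence)} for r in log]

# Constructed sample data; the key would be held away from the evidence store.
KEY = b"constructed-demo-key"
IMAGE = b"constructed disk image contents"
LOG = []
add_entry(LOG, IMAGE, "Examiner A", "2015-08-25T10:00Z", "Scene", "collected", KEY)
add_entry(LOG, IMAGE, "Examiner B", "2015-08-26T09:00Z", "Lab store", "received", KEY)

if __name__ == "__main__":
    altered = IMAGE + b" (altered)"
    forged = rewrite_digests(LOG, altered)
    print("hash only:", hash_only_check(altered, forged))
    print("authenticated:", authenticated_check(altered, forged, KEY))
```

The bare-hash check accepts the altered image once the stored digests are rewritten, while the authenticated check rejects it, and it also rejects a log with a record removed from the chain.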
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

@Edogawa

On the concepts of hashing (JFYI)
http://www.forensicfocus.com/Forums/viewtopic/t=11739/
http://www.forensicfocus.com/Forums/viewtopic/t=11854/

jaclaz

 
Posted : 28/08/2015 8:06 pm