For those of you in corporate environments, do you use/keep a chain of custody? I've read conflicting reports that only law enforcement need them. If you do use them, how do you deal with handling the evidence? Do you pass the form to the person that you've released the equipment to so it stays with the equipment? If that's the case, you have to trust that the person that you gave the equipment to will also fill the form if they hand the equipment to someone else. The equipment could change many hands after you've released it. I'd be very interested to hear how you handle this and if a chain of custody is necessary in corporate environments.
Thanks!
John
Always.
Yes, indeed only law enforcement "need" it, until your evidence is called into court and asked about by that employee or competitor that is suing you…
First, proper chain of custody forms have receipts to the releasing party.
Second, you can only attest to the custody . . . while in your custody. Anything else is not your responsibility.
Thank you!
I definitely use them, partly because of LE background but also because you never know when a corporate case can become a criminal or legal matter.
Always assume the worst I guess.
I have a receipt book in triplicate that I use so my clients have a copy and I also use a chain of custody form that I retain and can be included in reports etc.
The first detective I worked with when first starting out gave me 2 bits of advice.
1. You are only as good as your last case
2. Cover your ar#e
Served me quite well.
Dac
Totally agree with this. I don't work in LE but we document everything thoroughly and make sure it is fully backed up. You never know when someone can come back to you regarding their device/case and you've got to go back to your custody sheet/documents as a reference.
In Spain, there exists the figure of the "notary". He/she is a civil servant who first studied Law and then passed difficult exams in order to become a notary. His/her official documents are written on special numbered papers given to him/her by the Government and his/her words written in them are like God's words written in the Bible.
He/she certifies that you comply with the chain of custody. For example, you can clone a hard drive in front of him/her and he/she writes in the document all the steps for the whole procedure, and in the end he/she also writes the hash for the cloning procedure in the document.
I've been working in IT Forensics for about 8 years, never in a law enforcement role, but solely in corporate environments. I have always approached each case as though it could end up in court. We use chain of custody forms, and document every step we take. On those occasions where cases are passed to law enforcement, at least we have the appropriate documentation in place, along with documented processes and procedures.
The one comment I'd make is that, unlike working in a law enforcement environment, not everyone working within the business understands the importance of documents such as the chain of custody, and often, we can only start the chain of custody at the point where we get our hands on the evidence, which from a legal point of view is too late.
We're working to educate those in the business that may be involved in seizing evidence, but it's not always easy.
I've just done the (ISC)2 CCFP boot camp and exam, and there is some good guidance on forensics within corporate environments, but really this comes down to treating all evidence as though it is going to end up in court.
We use CoC forms when the physical media arrives to our group - but it's for internal tracking only.
We once had the same opinion as many: treat it as if it will go to court.
Well, for the handful of times that actually happened, the LE agencies involved didn't care about our chains of custody. From their perspective, chain of custody starts when they receive the hardware, and I agree with them.
Unnecessary paperwork has now been reduced.