Regards,
I'm a spanish studient who is in the final year of the degree of private investigation and the subject of my final degree work is "chain of custody of digital evidence," the process since you get a digital test until it is deposited in the court (should preserve the integrity of the source and process, etc.). At work I have to talk about the cryptographic hash (an alphanumeric code calculated through a mathematical algorithm used to ensure the integrity of the test as if amending a bit of a fully digital information code changes). Also I have to mention and other metadata.
The structure of the work consists of a comparison of several chain of custody (that is an issue that is not regulated and therefore I will speak with experts, experts, detectives, etc.), analyze them and choose what I believe which is more correct. Then I'll make a recording on a practical chain of custody will apply where you have chosen above (with the hash and so on).
Having said that, my question is
Could you give me some information on the subject or tell me any book or any source to find information about it?
Thank you.
In terms of chain of custody, this will be the same for digital evidence as pretty much all other evidence.
For the UK version the following may be useful
Hi minime2k9,
thanks for your answer! )
I don't think that there will be any difference *anywhere*, if not maybe the actual forms/paperwork connected to the COC (Chain of Custody).
After all it is basically 4 (four) points
RFC 3227
http//
https://
4 The Archiving Procedure
Evidence must be strictly secured. In addition, the Chain of Custody
needs to be clearly documented.4.1 Chain of Custody
You should be able to clearly describe how the evidence was found,
how it was handled and everything that happened to it.The following need to be documented
- Where, when, and by whom was the evidence discovered and
collected.- Where, when and by whom was the evidence handled or examined.
- Who had custody of the evidence, during what period. How was
it stored.- When the evidence changed custody, when and how did the
transfer occur (include shipping numbers, etc.).
… don't use acronyms and use a pen, not a pencil wink
http//
https://
jaclaz
At work I have to talk about the cryptographic hash (an alphanumeric code calculated through a mathematical algorithm used to ensure the integrity of the test as if amending a bit of a fully digital information code changes). Also I have to mention and other metadata.
You may want to consider that a hash sum does not do anything to ensure integrity of anything, unless there are additional processes that provide that.
A digital signature would do better.
On the concepts of hashing (JFYI)
http//www.forensicfocus.com/Forums/viewtopic/t=11739/
http//www.forensicfocus.com/Forums/viewtopic/t=11854/
jaclaz