I am wondering about the different ways of maintaining a chain of custody that does not compromise the digital evidence?
Any tips such as database structures are welcome :)
The problem with using a database is that it can fail, and probably at the time you don't want it to. Using old-school pen and paper, with name, date and signature is always the best way to go.
Or am I just being old-fashioned? :D
I use a database to maintain the evidence list and custody transfers, and soon to capture signatures. I print the CoC out also in case of failure (new with old-fashioned built in, chrism).
Chrism - There is no such thing as old-fashioned, it's just a well-practiced and reliable method :) I used pen and paper previously and it got tiring for me, it's just because I'm young.
Miker065 - I was thinking of using a hybrid such as the one you describe and have been jotting ideas. I was thinking of potentially making a UI with a step-by-step approach which would not allow me to miss a section such as a serial number.
I started with an existing paper chain and worked backwards. Most chains have two portions: an evidence list and a transfer list. Taking that structure, I created two new tables in my existing DB:
TABLECASES (pre-existing) 1 to many to
TABLEEVIDENCELIST 1 to many to
TABLECUSTODYTRANSFERS
My GUI allows me to enter all the data I want to track in the evidence list (and print evidence labels). I can also enter the transfers of the evidence in the transfer table from the same GUI.
I can then print out a paper CoC with all of the above information to keep in the hard file.
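A sketch of the three-table layout described in the post above, added here as an example and not the poster's actual database. All column names, the append-only triggers and the printout format are assumptions; the required serial number reflects the "cannot miss a section" idea raised earlier in the thread.

```python
import sqlite3

# Assumed table and column names; the post only names the three tables.
SCHEMA = """
CREATE TABLE cases (case_id INTEGER PRIMARY KEY, case_ref TEXT NOT NULL UNIQUE);
CREATE TABLE evidence_list (
    evidence_id   INTEGER PRIMARY KEY,
    case_id       INTEGER NOT NULL REFERENCES cases(case_id),
    description   TEXT NOT NULL CHECK (trim(description) <> ''),
    serial_number TEXT NOT NULL CHECK (trim(serial_number) <> ''));
CREATE TABLE custody_transfers (
    transfer_id    INTEGER PRIMARY KEY,
    evidence_id    INTEGER NOT NULL REFERENCES evidence_list(evidence_id),
    released_by    TEXT NOT NULL, received_by TEXT NOT NULL,
    transferred_at TEXT NOT NULL, reason TEXT NOT NULL);
-- Transfers are append-only: a correction is a new row, never an edit.
CREATE TRIGGER transfers_no_update BEFORE UPDATE ON custody_transfers
BEGIN SELECT RAISE(ABORT, 'custody transfers are append-only'); END;
CREATE TRIGGER transfers_no_delete BEFORE DELETE ON custody_transfers
BEGIN SELECT RAISE(ABORT, 'custody transfers are append-only'); END;
"""

def open_db(path=":memory:"):
    """Create the schema; cases 1-to-many evidence 1-to-many transfers."""
    conn = sqlite3.connect(path)
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FKs off by default
    conn.executescript(SCHEMA)
    return conn

def paper_coc(conn, case_ref):
    """Render the printable chain of custody for one case as plain text."""
    lines = [f"CHAIN OF CUSTODY - case {case_ref}"]
    items = conn.execute(
        "SELECT e.evidence_id, e.description, e.serial_number "
        "FROM evidence_list e JOIN cases c ON c.case_id = e.case_id "
        "WHERE c.case_ref = ? ORDER BY e.evidence_id", (case_ref,)).fetchall()
    for ev_id, desc, serial in items:
        lines.append(f"Item {ev_id}: {desc} (S/N {serial})")
        for rel, rec, at, why in conn.execute(
                "SELECT released_by, received_by, transferred_at, reason "
                "FROM custody_transfers WHERE evidence_id = ? "
                "ORDER BY transferred_at, transfer_id", (ev_id,)):
            # Blank signature line so the printout can be signed by hand.
            lines.append(f"  {at}  {rel} -> {rec}  ({why})  signature: ________")
    return "\n".join(lines)
```

The printed output of `paper_coc` is what goes in the hard file, so the record survives a database failure.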
Brilliant, I will keep that in mind :) thank you!!