Mobile devices provide key evidence for criminal investigations, but accessing the critical information on mobile devices can often be challenging. Getting access to the data is only one part of the challenge. Establishing and maintaining device chain of custody (CoC) is also extremely important in order to streamline and limit any potential risks associated with your digital forensic investigation.
Device CoC, is defined as the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. Maintaining the CoC is essential in order to prevent any type of contamination of seized evidence through improper device and data handling.
Essentially, you must document each and every person who came into contact with the evidence and identify how the evidence was handled. The best time to establish device CoC is upon initial contact with the device at which you should document as much information as possible, including:
- Time and physical location of seizure
- Device specifications like make, model, and serial number
- Who took control of the physical evidence
- How was the device secured (e.g. faraday bag)
- What was the state of the device (e.g. locked, encrypted etc.)
Digital forensic access tools, such as GrayKey, can extract encrypted or inaccessible data from mobile devices and offers same-day extractions on locked iOS and leading Android devices – often in less than one hour. GrayKey reduces the risk of breaking the COC and compromising evidentiary integrity by providing the ability to quickly access and extract evidence from mobile devices with complete control. Having this ability to quickly extract data from a mobile device not only helps expedite your investigations, but it also ensures that you are maintaining control over the evidence.
To learn more about the importance of maintaining chain of custody and GrayKey, check out our latest e-book.