|Title:||Chain of Custody for Digital Data: A Practitioner's Guide|
|Authors:||Jack Wiles , acob Heilik|
|Publication date:||May 31, 2019|
|Number of pages:||115|
This guide aims to establish an understanding of baseline concepts that will inform an organization’s practices related to evidence handling and control. Its purpose is to create a culture of ongoing process improvement to meet current and future needs. Whatever you call it, Chain of Custody, or Possession, or Continuity, it is a significant and vital component of evidence handling. While there seems to be a general understanding of custody concepts, there are few comprehensive guides to documenting and controlling digital data evidence from initial discovery to disposal. If the intent of Chain of Custody is to be able to demonstrate the provenance and authenticity of an item of evidence, then clear documentation is critical. The purpose of this guide is to provide guidance on what is required to be reported and documented at each step. In addition, I try to add clarity that helps to explain some of the technical challenges and why specific information is required. I have also used appendices to add information that clarifies the technical concepts and terminology used in this guide. I recognize that each jurisdiction has its own rules and policies, and have made it clear throughout, that this guide is just that - a guide, to be used in conjunction with local laws, policies and established procedures. The guidance and advice provided is applicable to, and provides a good starting point for proper evidence handling process in any jurisdiction that works on Common Law principles. However, whatever legal system is in place, if it is important to demonstrate provenance and authenticity of digital data, this is the guidance you need.